WordPress is one of the most popular content management systems used by millions of websites worldwide. However, its widespread use also makes it a target for hackers and malicious attacks. One effective way to enhance the security of your WordPress site is by changing the WP admin login URL. By doing so, you can add an extra layer of protection and make it more difficult for unauthorized individuals to gain access to your admin area and prevent brute-force attacks. In this article, we will guide you through the process of changing the WP admin login URL, step by step, ensuring the security of your valuable website.
How to Change WordPress Admin Login URL?
There are various methods to hide the WordPress login URL. We’ll be covering the most simple and effective way via plugins. Please don’t modify WordPress core files to achieve this.
Hide My WP Ghost (paid)
You might be asking why pay for a plugin when this article covers a free one that does the same job… Hide My WP Ghost does much more than hide the WordPress admin/login URL, it allows you to change virtually every path/slug that WordPress uses, sending would-be hackers doing the walk of shame because your site is locked down.
All security features:
| Change | Disable | More |
|---|---|---|
| wp-login.php & /wp-admin | xml-rpc.php | Firewall – SQL injection |
| Lost password path | Directory browsing | Temporary logins |
| admin-ajax.php path | Right-click | Ban IP addresses |
| wp-content path | Inspect element | Enable security headers |
| wp-includes path | Theme detector ability | Custom style |
| Uploads path | Pingbacks | Custom error messages |
| Plugins path | View source | reCAPTCHA protection |
| Themes path | Copy/paste | Activity & User log |
| CSS & JS versions | REST API | Track file changes |
| IDs from meta tags | Embed scripts | Vulnerability checks |
- Backup your WordPress install
Always back up before making changes to your site. If you have a staging environment available, this would be a great use for testing before deploying to your live site. - Purchase and Download the Plugin
The first step is to purchase Hide My WP Ghost from the official website., using the link will give you a discounted license for $23.99! Once you’ve completed the purchase, download the plugin files to your computer. - Log in to Your WordPress Dashboard
To begin, log in to your WordPress dashboard using your existing admin credentials. - Install and Activate the Plugin
- Click “Plugins” in the left-hand sidebar, then
- Select “Add New.” on the plugins page.
- Click the “Upload Plugin” button at the top.
- Choose the plugin file you downloaded in Step 1 and click “Install Now”
- After the installation is complete, click on the “Activate Plugin” button to activate Hide My WP Ghost.
- Configure the Basic Settings
- Once the plugin is activated, you’ll see a new menu item called “Hide My WP” in the WordPress dashboard. Click on it to access the plugin’s settings.
- On the settings page, you’ll find various options to customize the plugin’s behavior. Start with the “General” tab, where you can configure basic settings such as the website’s slug, which determines how your URLs will appear.
- Review the options and make any desired changes. You can also enable or disable specific features according to your needs.
- Advanced Settings
Hide My WP Ghost offers advanced settings that allow you to further customize your website’s appearance and security. These settings include changing permalinks, modifying scripts and stylesheets, and more. Explore the “Advanced” tab to adjust these options based on your requirements.- See the Hide My WP Ghost Features page for more.
- Test and Verify the new URL(s) you set
Once you have configured the settings to your satisfaction, it’s crucial to test and verify that Hide My WP Ghost is functioning correctly. Open a new browser window or incognito tab and visit your website to ensure that the URLs and source code are now hidden and protected.
Make sure you save your new WP login URL! If you lose or forget it, you’ll have to disable the plugin to access the backend.
WPS Hide Login (free)
- Backup your WordPress install
Always back up before making changes to your site. If you have a staging environment available, this would be a great use for testing before deploying to your live site. - Log in to Your WordPress Dashboard
To begin, log in to your WordPress dashboard using your existing admin credentials. - Install and Activating a Plugin
- Click on “Plugins” in the left-hand sidebar of your WordPress dashboard.
- Select “Add New” from the dropdown menu.
- In the search bar, type “WPS Hide Login” and hit Enter.
- Locate the plugin and click on “Install Now.”
- Once the installation is complete, click on “Activate.”
- Alternatively, you can always download the plugin from WordPress.org and manually upload it.
- Accessing Plugin Settings
After activating the “WPS Hide Login” plugin, you need to access its settings to change the WP admin login URL. Follow these steps:- In the left-hand sidebar, click on “Settings” and select “WPS Hide Login.”
- You will be redirected to the plugin’s settings page.
- Configuring the Custom Login URL
On the “WPS Hide Login” settings page, you will find a field labeled “Login URL.” This is where you can set your desired custom login URL. Here’s how you can do it:- Enter your preferred login URL in the “Login URL” field.
- Make sure to choose a unique and secure URL that is easy for you to remember but difficult for others to guess.
- Once you’ve entered the new login URL, click on the “Save Changes” button.
- Logging in with the New URL
After saving the changes, you can log out of your WordPress dashboard. To log back in using the new login URL, follow these steps:- Open a new browser tab.
- Enter your website’s URL followed by the custom login URL you’ve set.
- For example, if your website is “www.example.com” and your custom login URL is “opensesame,” the new login URL will be “www.example.com/mynewlogin.”
- Hit Enter, and you will be directed to the login page.
- Enter your admin credentials and log in as usual
Make sure you save your new WP login URL! If you lose or forget it, you’ll have to disable the plugin to access the backend.
Change WP Admin URL FAQs
Here are some common questions related to changing and hiding the WP admin login URL:
Why should I change the WP admin login URL?
Changing the WP admin login URL adds an extra layer of security to your WordPress site. It makes it more difficult for hackers and malicious bots to locate the login page, reducing the risk of brute force attacks and unauthorized access.
Can I change the login URL without using a plugin?
While it is technically possible to change the login URL manually by modifying the WordPress core files is not advised.
Is changing the WP admin login URL a one-time process?
Yes, once you have changed the WP admin login URL using the plugin, the new URL will remain in effect until you decide to change it again. It is a one-time configuration that enhances the security of your WordPress admin area permanently given that you don’t deactivate or remove the plugin.
What happens if I forget the custom login URL?
It is important to choose and save a custom login URL that is easy for you to remember. However, if you forget/lose the URL, you can regain access to your login page by disabling the plugin. Once disabled, your WP Dashboard will be accessible via the default wp-login.php and /wp-admin
Can changing the login URL cause any compatibility issues with plugins or themes?
In most cases, changing the login URL should not cause any compatibility issues. However, it is always recommended to test your site’s functionality after making any changes. If you notice any compatibility issues with specific plugins or themes, you can try reaching out to their developers for assistance or consider using alternative solutions.
Does changing the login URL guarantee complete security for my WordPress site?
No, Changing the WP admin login URL is a valuable security measure because it can prevent login/password-related attacks, but it is not the only one you should implement. It is essential to follow other best practices, such as using strong passwords, keeping your WordPress installation and plugins up to date, and regularly backing up your site.
