Skip to main content

How to Change the Default WordPress Login URL

By default, the WordPress login page is accessible via the URL yoursite.com/wp-login.php. This URL is widely known and can be targeted by malicious actors trying to gain unauthorized access to your site. Changing the default login URL adds an extra layer of security by obscuring the login page and making it harder for attackers to find.

While using a plugin like WPS Hide Login is the easiest way to change the login URL, you can also do it manually by adding some custom code to your WordPress site. Here’s how:

Using Code to Change the Login URL

  1. Edit your theme’s functions.php file:You can change the login URL by adding a filter to your theme’s functions.php file. Here’s the code snippet:
    function custom_login_url() {
    return home_url( '/custom-login/' );
    }
    add_filter( 'site_url', 'custom_login_url', 10, 3 );

    This code redirects any attempt to access wp-login.php to a custom URL, such as yoursite.com/custom-login/.

  2. Handling Redirection for wp-login.php:If someone tries to access the default wp-login.php URL, you may want to redirect them to your new custom login page. Here’s how you can add a redirect for wp-login.php:
    function custom_login_redirect() {
    if (strpos($_SERVER['REQUEST_URI'], 'wp-login.php') !== false) {
    wp_redirect(home_url('/custom-login/'));
    exit();
    }
    }
    add_action('init', 'custom_login_redirect');

    This code checks if the URL contains wp-login.php and then redirects the user to the /custom-login/ page.

  3. Test Your New Login URL:After adding the code, you should test it to ensure it works as expected. Try to access yoursite.com/wp-login.php and check if it redirects to your custom login page.

Important Notes:

  • Remember the New Login URL: After changing your login URL, make sure you remember or store the new URL (yoursite.com/custom-login/ in this case). You’ll need it to log in going forward.
  • Flush Rewrite Rules: Sometimes, WordPress might cache the previous URL. To ensure the new login URL works, visit Settings > Permalinks and click Save Changes to flush the rewrite rules.
  • Use Caution: Changing the login URL using code requires caution, as mistakes in the functions.php file could break your site. Always back up your site and test any changes in a staging environment first.

Using a Plugin (Alternative Method)

If you’d prefer a simpler method without having to write code, you can use a plugin like WPS Hide Login. This plugin allows you to easily change the login URL without touching any code:

  1. Install and Activate the Plugin:
    • From your WordPress admin panel, go to Plugins > Add New.
    • Search for WPS Hide Login.
    • Click Install Now, then activate the plugin.
  2. Configure the Plugin:
    • After activation, go to Settings > WPS Hide Login.
    • Enter your new login URL (e.g., yoursite.com/my-login/).
  3. Test the New Login URL:
    • Try accessing your site’s old login URL (wp-login.php). It should now redirect to your custom login URL.

By changing your default login URL, you reduce the risk of brute-force attacks targeting your login page and add a layer of security to your WordPress site.

Recommended For You

Security & Privacy

How to Add a Custom Tab to WooCommerce Product Pages with Code

Webcells
Webcells
Security & Privacy

Protecting Your WordPress Site from Brute Force Attacks

Webcells
Webcells
Security & MaintenanceSecurity & PrivacyWordPress Maintenance

The Importance of Maintenance in WordPress Websites

Webcells
Webcells