Now I know you may be wondering “why do I have to change my WordPress login URL”. Well in this article I intend to teach you how you can keep your WordPress site safe from hackers by changing or hiding your WordPress login URL.
Looking at your site’s page source, one can simply tell if your site is running on WordPress or not. All WordPress sites have a default login URL of /wp-login.php and also have admin as their default administrative username. So it’s quite easy to attack your WordPress login URL using tools like brute force to guess all the possible passwords for the admin username.
So many WordPress sites have been take down like this. I have also being a victim of such attacks except that my administrative username is not admin and my default WordPress login URL has been changed from /wp-login.php.
So in this article I am going to show you how to change the default WordPress login URL from http://www.mywebsite.com/wp-login.php to http://www.mywebsite.com/login using an awesome tool called Better WP Security WordPress plugin.
There are other ways you can also do this like editing your site’s .htaccess file in the root folder of your website by adding the following line:
RewriteRule ^login$ http://www.mywebsite.com/wp-login.php [NC,L]
(Note to replace the mywebsite.com with your own domain name) & you can change the login to anything you want too.
But if this method will be too “techy” for you or you are scared of editing the .htaccess file for fear of messing your site up the then second option I am about to discuss below will be best for you to change your WordPress login URL.
Change WordPress Login URL with Better WP Security:
Note: Always backup your WordPress site before installing any plugins or editing any file.
First install and activate the Better WP Security Plugin on your WordPress site. The plugin works well with WordPress version 3.6 and 3.6.1 (tested by me on these two versions).
After activating the Better WP Security plugin you will notice Security tab has been added to your WordPress dashboard.
Click on the Security tab to reveal its options. Click on the “Create Database Backup” button.
Then click on the “Secure My Site from Basic Attacks” button.
Then Click the “Hide” tab
You may see a warning like this if you are using the default WordPress Permalink structure, so click on “WordPress permalinks” to go to the WordPress Permalink Settings page, then click “Custom Structure” and enter /%postname% then save.
Then go back to Security > Hide backend
Click on “Enable Hide Backend” and enter your desired login, register, and admin slugs or leave them at the plugin’s defaults of “login”, “register”, and “admin” and save changes.
Now your WordPress login URL has changed from http://www.mywebsite.com/wp-login.php to http://www.mywebsite.com/login or whatever you used instead of login.
Note: Ensure to remember anything you entered as the slug for your login URL as you will be logging in to your site always from this new URL.
Now I hope you can easily change your WordPress login URL and keep your WordPress site safe from hackers. If you have any questions to ask, post it on the comment below.Remember to subscribe to my RSS feed.
Top WordPress Plugins to Boost Your Site’s Traffic
5 Great WP Widgets for Your Blog
Some of the best keyword tools
Show or hide different widgets on different pages on WordPress
BroadedNET – Instant Traffic without SEO and Social Media
Hello Nwosu
Better WP Security is one of the great plugin that should be used by every WordPressers on their blog. Really changing login url protects our blog from attack since all of us have the same login url.
I learned a new wordpress stuff today through your post.
Thanks for the clear tutorial to change the wordpress login url with Better WP security.
Keep sharing the useful information Nwosu :)
Hi Nwosu Mavtrevor,
Hiding WordPress blog’s back end URL is a good move. I’ve had this feature long back ago and disabled now because the guest bloggers started emailing about the login/register url. When the go to http://www.mywebsite.com/wp-login.php, they faced a 404 error.
Thanks and glad you found it interesting.
If you look at my guest post page, i provided them the login link to the dashboard.
Hello Nwosu,
What an interesting post indeed. Changing your default admin page is very important and highly necessary. I was using this plugin some time pack but right now, i am no more using it. i am using a hand made script instead which i feel is awesome and reduce my blog load :)
Thanks for this awesome post and do have a nice week ahead :)
Oh really awesome trick bro, Not only me i believe a large number of bloggers have the issue to change the username in wordpress. keep posting these useful wordpress tips. thank you.
Great information! May be I will try it sooner….. Have to study it first and see if something amazing would happen…. Thanks for sharing this post! ;)
How does the plugin work? Is it simply using a redirect or does it actually rename the URL?
It edits your .htaccess file
Hi Nwosu,
Super plug in here.
Use a non-generic log in URL to make it difficult for hackers to access your site. Staying one step ahead by activating such plug ins saves you so many darn headaches in the long run.
Thanks so much for sharing the steps and plug in with us Nwosu.
Enjoy your weekend!
Ryan
Hi Nwosu,
I have been also a victim of hackers on one of my blogs, Better WP security plugin is a great and easy to use plugin to keep your blog safe. I also recommend deleting the default admin account and create a new account for your blog administration. Thanks for sharing this article.
You don’t have to delete the admin account, you can simply rename it from your database.
Hi mate,
it sounds interesting, could you share with me your handmade coding to approach this result?
regards
Its already in the article…
Nice tip.
But, have you tried this if its compatible with Theme My Login?
Lately i have been a victim of random ips trying to log into my dashboard so i decided to use another plugin which is essentially used to hide your blog from other people from knowing your site is running on WordPress, and it also has the feature of hiding login page. But the sad news is that it clashes with Theme my Log in (meaning, it doesn’t hide that log in page still, until i deactivated it).
I have not tried it with Theme My Login but it does everything you listed. You can try it out.
Hi Nwosu,
I tried adding the code to the htaccess file but it does not seem to work for me. Is the code supposed to be in the base .htaccess file or within wp-admin?
Druv
It should be on the base .htaccess file. Better WP Security would’ve been a safer and easier option for you.
I tried it in the base .htaccess file but it keeps redirecting me back to wp-login. It should be very simple, but i have no idea why it isn’t working. I am not really a plugin person.
Better WP Security can really be very useful for a lot of reasons, i recommend you try it out.