How to Change The WordPress Login URL Without Plugin

changed WordPress URL login

Every website’s owner knows our website’s security is our first priority with no doubt. There are plenty of security advice we should definitely follow including that you should probably change your wp-admin URL

Let me explain Why and How.

Why Use Custom Login URL in WordPress

As you know WordPress default login URL is /wp-login.php or you can just type in /wp-admin/ and it’ll redirect you there before logging.  And It’s no secret that the default login page can be found by going to wp-admin, or wp-login.php.

Now maybe your thinking Should I care? Yes! you should and let me explain why!

What a hacker needs to steal your site? Username and password, Right?

But before entering this field they will need to know where is a login form. And as you know that WordPress default login is the same as every site. Also, it’s pretty easy to tell if any given website is a WordPress website. You can look at the page’s source and see things like /wp-content/themes/function.php or /wp-content/plugins/…, etc. Once I know your site is a WP site, Now I know your login URL is /wp-login.php.

And about Username, WordPress creates an “admin” username by default. Now she or he has your login URL and possibly your login username (admin). Now it’s a matter of guessing your password.

So Guessing a password is not an easy job. Still, assuming they keep trying and keep doing, possibly taking down your site by many HTTP requests. Or she or he could try brute force attack on your website to guess your password.

Note:- A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.

So brute force attack is performed by a software bot to trying 10000 passwords in 1 second and now maybe it’s easy for an attacker to guess your ideal password.

Now you definitely know that an easy and painless job (changing login URL WordPress) can save your investment.

How to Change WordPress Login URL without any plugin

Changing the WordPress Login URL without a plugin is very easy and handy and I would personally recommend it.

First of all, To be safe than sorry take a backup of wp-login.php and store in a safe place just in case of any wrong step.

All you need is access to your site’s files and should have a text editor (I’m using Notepad++). Now choose your ideal login UR, for example, /newlogin.php

Go to your public_html directory where you can find wp-login.php. You can open it using FTP client software or File Manager in your cPanel.

wp-login php - Change WordPress Login URL

Once you find, Name this file whatever you want your login URL to be. In this case, I named it newlogin.php.

Next, open up the newlogin.php and find and replace every instance of “wp-login.php” in the file – then replace it with your new file name as newlogin.php

If everything’s looks perfect then click on Replace All. And at the bottom of the text editor, you’ll see Replace All: 12 occurrences were replaced.

Now you should be able to log in by navigating to your new URL. In my case, it’s localhost/wp/newlogin.php. If any HTTP requests to the /wp-login.php, or /wp-admin directories will lead visitors to a 404 not-found page.

changed WordPress URL login

By mistake, if something goes wrong, you don’t have to worry you still have a backup file. Just restored the file in the root directory and everything will be the same as before.

This is an article about changing WordPress URL login to custom login without any plugin. If you still facing a problem, please comment below. I’ll demonstrate.

Method 2: Protect wp-login.php With a Cookie and .htaccess

Try this technique If you don’t like above one

Update: Recently I found a new technique that does the same job but in a better way.

What’s our main motive? To hide our login page, right? So without changing your login page as wp-login.php, you can still fool attackers.

One of my clients asks that this’s possible and I was curious about this. So I search for little, create many threads on many forums, and finally I got my client question’s answer.

Assume, random people trying to access login page just by going wp-login.php and he gets Forbidden page. But in your case, you can still log in from wp-login.php to your site.

Follow the below steps to figure out how:

To try this technique, you will have to do 2 steps.

Step 1: Put this code to your .htaccess file

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_COOKIE} !^.*wp\-connex=2917998723.*$ [NC]
RewriteRule wp-login.php - [F]
</IfModule>

Of course, you’re thinking that’s safe or not. But I’m telling you this is completely safe and I’m using this on my client sites too.

Let me explain the code. On the 4th line, you have to choose the login page name. I set to wp-connex  (You can rename it).

Now, what this code will do? This is a little tricky still I’ll try to explain. As you can see on the 4th line we set HTTP_COOKIE to cache a cookie who knows real login page.

In simple words, If a guy goes to wp-login.php or wp-admin, he’ll get a Forbidden error because we set the cookie to access this file or directory. So he needs to first log into the area that sets the cookie before the actual login page. And we set the cookies to wp-connex.php.

Step 2: Create a new login page for cookie

Once you are done with .htaccess, you have to create a file that we had set cookie. We named it wp-connex.php, you can name whatever you want but don’t forget to change in the code too.

To create a file:  Take a new page in notepad, paste this code and save it as wp-connex.php

<?php
setcookie("wp-connex", 2917998723);
header("Location: wp-login.php");

That’s it. We need these two files as .htaccess is already been on a server so you just need to edit, no need to create a new .htaccess file.

Now login to your server by FTP software or Cpanel to upload these files in the root directory.

From now on, people need to first go to yourdomain/wp-connex.php to access wp-login.php.

Method 3: Change your WordPress login page URL using a plugin

I’ve not intended to mention the plugin method but some of you are new to WordPress and want to change the wp-admin URL using a plugin.

Just a reminder, these plugins won’t prevent hacking completely. However, you can use WordPress security plugins to add an extra layer of security for your site.

To change the WordPress login URL, I recommend to use Easy Hide Login:

  • Easy way to hide wp-login.php
  • No need to rename wp-login.php or change files in core
  • Lightweight plugin

If you want to change the wp-admin URL without touching wp core files, you definitely use this plugin (It’s better than WPS Hide Login for me). Also, It doesn’t literally rename wp-login.php or change files in core

And this plugin gets the job done easily and quickly. What’s more, it has 20,000+ Active Installations with 4.5 ratings and updated regularly.

So let’s see how we gonna use this plugin but before that make sure you have a backup of your site. Once you have done that install and activate the plugin.

Once you did, navigate to Settings > Easy Hide Login in your WordPress dashboard. On the next screen, you’ll get this…

Easy hide login slug text
Easy Hide Login Slug Text

Once you get there, you need to put slug text (In my case it’s mylogin) in the field and hit the submit button. What will happen that your actual login page will be shown 404 error and your new login page will /?mylogin

For example: If I need to log in, I’ll go to https://www.mediumtalk.net/?mylogin and you’ll be redirected to your actual login page as wp-login.php.

easy hide login demo gif

From now on, you’ll be able to use this address to log into your site. If for some reason you ever want to reverse this process, just empty slug test and hit submit or deactivate WPS Hide Login, and the URL will return to normal.

Thanks for Reading

Enjoyed this post? Share it with your networks.

Comments (30)

  1. Firoz
    • admin
      • Waqas Ahmad
        • Editorial Staff
          • Sandeep kumar
  2. Bella
  3. Eva
  4. Eva
  5. Kadix
    • Editorial Staff
  6. Eli
  7. Salman
  8. Emmuel
  9. Iris B.
  10. David Marques Neves
  11. Icy
  12. jav
  13. adnan
    • Editorial Staff
  14. adnan
  15. THAS
    • Editorial Staff
  16. erik

Leave a Feedback!

This site uses Akismet to reduce spam. Learn how your comment data is processed.