Every website’s owner knows our website’s security is our first priority with no doubt. There are plenty of security advice we should definitely follow including that you should probably change your WordPress login page URL
Let me explain Why and How.
Why Use Custom Login URL in WordPress
As you know WordPress default login URL is /wp-login.php or you can just type in /wp-admin/ and it’ll redirect you there before logging. And It’s no secret that the default login page can be found by going to wp-admin, or wp-login.php.
Now maybe your thinking Should I care? Yes! you should and let me explain why!
What a hacker need to steal your site? Username and password, Right?
But before entering this field they will need to know where is a login form. And as you know that WordPress default login is same as every site. Also, it’s pretty easy to tell if any given website is a WordPress website. You can look at the page’s source and see things like /wp-content/themes/function.php or /wp-content/plugins/…, etc. Once I know your site is a WP site, I now know your login URL is /wp-login.php.
And about Username, WordPress creates an “admin” username by default. Now she or he has your login URL and possibly your login username (admin). Now it’s a matter of guessing your password.
So Guessing password is not an easy job. Still, assuming they keep trying and keep doing, possibly taking down your site by many HTTP requests. Or she or he could try brute force attack on your website to guess your password.
Note:- A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.
So brute force attack is performed by a software bot to trying 10000 passwords in 1 second and now maybe it’s easy for an attacker to guess your ideal password.
Now you definitely know that an easy and painless job (changing WordPress admin URL) can save your investment.
How to Change WordPress Login URL without any plugin
Changing the WordPress Login URL without plugin is very easy and handy and I would personally recommend.
First of all, To be safe than sorry take a backup of wp-login.php and store in a safe place just in case of any wrong step.
All you need is access to your site’s files and should have a text editor (I’m using Notepad++). Now choose your ideal login UR, for example, /newlogin.php
Go to your root directory where you can find wp-login.php
Once you find, Name this file whatever you want your login URL to be. In this case, I named it newlogin.php.
Next, open up the newlogin.php Now find and replace every instance of “wp-login.php” in the file – then replace it with your new file name as newlogin.php
If everything’s looks perfect then click on Replace All. And in the bottom of the text editor, you’ll see Replace All: 12 occurrences were replaced.
Now you should be able to log in by navigating to your new URL. In my case, it’s localhost/wp/newlogin.php. Any HTTP requests to the /wp-login.php, or /wp-admin directories will lead visitors to a 404 not-found page.
By mistake, if something goes wrong, you don’t have worry you still have a backup file. Just restored the file in root directory and everything will be the same as before.
This is an article about changing WordPress URL login to custom login without any plugin. If you still facing a problem, please comment below. I’ll demonstrate.