How to change the default WordPress Admin URL for better security

New configuration (How To)

Situation

By default, WordPress allows access to the admin panel via example.com/wp-admin or example.com/wp-login.php. While this makes it easy for users, it also makes it an easy target for bots and hackers trying to brute-force their way into your site. Changing the default admin URL is a simple but effective way to improve security.

Why change the default WordPress Admin URL?

The default /wp-admin and /wp-login.php URLs are well-known entry points, making them a primary target for attacks. Here are a few reasons why changing the login URL is a smart move:

Prevents brute-force attacks – Bots constantly scan websites for /wp-admin and try to guess login credentials.
Reduces bot traffic – Hiding the login page can help reduce unwanted server load.
Adds an extra layer of security – Even if someone finds your admin credentials, they won’t be able to log in without knowing the custom URL.

Method 1: Changing the Admin URL with a Plugin (Recommended)

The easiest way to change the WordPress admin URL is by using a plugin.

Best Plugins for Changing the Admin URL

  1. WPS Hide Login (Most popular and lightweight)
  2. iThemes Security (Includes additional security features)
  3. WP Hide & Security Enhancer (More advanced customization)

Steps to Change Admin URL Using WPS Hide Login

  1. Install and activate the WPS Hide Login plugin
  2. Go to Settings → General in your WordPress dashboard
  3. Scroll down to the WPS Hide Login section
  4. Enter your custom login URL (e.g., example.com/my-secret-login)
  5. Click Save Changes.

Important: Once you change the login URL, the default /wp-admin and /wp-login.php will no longer work. Bookmark your new URL to avoid getting locked out.

Method 2: Manually Changing the Admin URL Without a Plugin

If you don’t want to use a plugin, you can manually configure your .htaccess file (for Apache servers) or functions.php.

1. Change the Login URL Using .htaccess

For Apache-based WordPress sites, you can redirect the login page using .htaccess.

Steps:

  1. Edit your .htaccess file (found in the root of your WordPress installation).
  2. Add the following code at the bottom:
    # Internally serve wp-login.php when /my-secret-login is requested
    RewriteEngine On
    RewriteRule ^my-secret-login$ wp-login.php [L]
  3. Replace my-secret-login with your desired admin URL.
  4. Save the file and test by visiting example.com/my-secret-login.

2. Restrict Access to the Default Login URL

To block direct access to wp-login.php, add this to .htaccess:

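# Deny every client except one address.
# Apache 2.2 syntax; on Apache 2.4 these directives come from mod_access_compat.
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from YOUR_IP_ADDRESS
</Files>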

Replace YOUR_IP_ADDRESS with your actual IP address.
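
To confirm the change took effect, check the Apache access log: probes of the default URLs should be answered with 403 or 404, and only your own address should appear on the custom URL. The script below is an added example, not part of the original article or of any plugin; it assumes the combined log format, and the function name, the allowed address and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache combined log format: client IP, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

DEFAULT_LOGIN_PATHS = {"/wp-login.php", "/wp-admin", "/wp-admin/"}
CUSTOM_SLUG = "/my-secret-login"  # example slug used in this article
ALLOWED_IP = "203.0.113.10"       # constructed stand-in for YOUR_IP_ADDRESS

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.55 - - [10/Mar/2025:09:58:12 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 4121 "-" "curl/8.5"
198.51.100.7 - - [10/Mar/2025:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "python-requests/2.31"
198.51.100.23 - - [10/Mar/2025:10:01:40 +0000] "GET /wp-admin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2025:10:05:00 +0000] "GET /my-secret-login HTTP/1.1" 200 4121 "-" "Mozilla/5.0"
192.0.2.99 - - [10/Mar/2025:10:07:31 +0000] "GET /my-secret-login HTTP/1.1" 200 4121 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2025:10:08:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""


def audit_login_traffic(log_text, allowed_ip=ALLOWED_IP, slug=CUSTOM_SLUG):
    """Return (blocked, still_open, slug_strangers) for one access log."""
    blocked = Counter()     # denied probes of the default URLs, per client
    still_open = []         # default login page served (200) to an outsider
    slug_strangers = set()  # outsiders who requested the custom URL
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if path in DEFAULT_LOGIN_PATHS:
            if status in ("403", "404"):
                blocked[ip] += 1
            elif status == "200" and ip != allowed_ip:
                still_open.append((ip, method, path))
        elif path == slug and ip != allowed_ip:
            slug_strangers.add(ip)
    return blocked, still_open, slug_strangers


if __name__ == "__main__":
    blocked, still_open, strangers = audit_login_traffic(SAMPLE_LOG)
    print("denied probes per client:", dict(blocked))
    print("default login still served to:", still_open)
    print("unexpected clients on custom URL:", sorted(strangers))
```

An entry in the second result means the default login page is still reachable from outside; an entry in the third means the custom URL is known to someone other than you.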

Solution

Solution type

Permanent
