How To Change The Login URL In WordPress (Security Hack)

Last Updated on June 22, 2020 by Fabrizio Van Marciano

Here's a quick tutorial to help you add an extra layer of security to your WordPress blog.

A while back I discovered a cool plugin that enabled me to change the login URL for one of my niche website's.

Why would I want to do this?

Well, sadly that niche site I was being bombarded with too many failed login attempts.

And yes, I did have the Limit Login Attempts plugin installed. But even so, there were still too many failed login attempts. That made me feel quite uncomfortable. What if one of those attempts were successful? What then?

Every few hours I would get an email notification about a failed login attempt.

On top of this, I also noticed an increase in "spammy" user registrations for the site. I had to do something about this quickly.

Are you experiencing the same issue with your blog?

If you're reading this and you're experiencing exactly the same kind of issues with your blog or membership WordPress site. Especially if you have the subscription option enabled like I do, the good news is that you can do something about it.

Here are some options:

  1. Disable user registration.
  2. Change URL of the login page.

So, the first obvious thing you can do is disable user registrations entirely. However, that's not really a great solution. Especially if you depend on your users subscribing to your site to use certain features. You need to have this enabled in which case, right?

The other option you have is to completely change the URL login name, i.e. changing the URL permalink structure.

Bingo! That's exactly what we're going to do and I'll show you how.

Plugins needed for the job

So, the easiest way to change the login URL in WordPress is to use a simple plugin.

There's a few of them dotted about in the WordPress repository. Unfortunately, though, most of them are no longer maintained.

Originally I was using the Rename wp-login.php plugin. However, this hasn't been updated in over three years now.

There's another plugin you can use called: WPS Hide Login.

This is the plugin that I use on this site currently. It is an ultra lightweight plugin with one simple setting.

Before we start using this plugin, I want to give you a few important tips for changing the URL structure of your login page.

  1. Change the URL to something memorable: Change your new login URL to something that you and your site members will easily remember, yet something that will not be so obvious for unwanted visitors to guess. For instance; /login-page/ is pretty obvious so try and avoid using ones like that. You could instead use something like /jump-on-board/ or /let-me-in/ or /members-only-page/. I'm sure you can think of a few better ones. If you don't require users to log in to use your site, you can change the URL to something more complex. But remember that YOU still have to remember it for your own use.
  2. Write it down: Make sure you write the new login page URL somewhere until you remember it off by heart. Or, simply bookmark it somewhere on your computer.

Right then, let's begin...

1. Installing WPS Hide Login plugin

Pretty straightforward stuff if you're already familiar with WordPress.

If you're not familiar with WordPress, then all you have to do is -

From the back end of your site (WordPress Admin area), head over to Plugins > Add New, and do a search for "WPS Hide Login". See the screenshot below.

wps hide login
  • Save

Once you've found it, simply hit the install and activate button.

If you prefer to download the plugin from the repository and upload it to your site via FTP, please check out this useful video. Though, these days, you don't have to.

2. Configuring the WPS Hide Login plugin

Next is to make one simple configuration. Yep! Just one...

Head over to Settings > WPS Hide Login. Scroll down to the bottom of the page until you see the option to add a new string to the login page. See image below.

wps hide login 2
  • Save

Simply add a new URL extension of your choice in the box provided, then add the extension you'd like to have the old login page to redirect to. Once you're done hit save.

That's it you're all done! How easy was that?

What happens to your wp-login.php URL extension?

If you now try accessing the old login page wp-login.php URL of your site or blog, you should be redirected to whatever page you entered in the redirection URL. I have mine redirected back to my blog page.

More WordPress security tips

There you have it, you've changed the URL name of your login page and added an extra layer of security to your WordPress site.

If you want to add even more security to your login page, the WP Limit Login Attempts plugin is something to consider installing if you haven't already done so.

You can find this plugin here: Download WP Limit Login Attempt Plugin.

If you'd like to learn more cool WordPress security tips and hacks, check out this detailed blog post.

Also, do let me know if this has worked for you. I'd love to know. You can get in touch with me via the contact page here.

Ad - Is your website sending visitors away? Did you know that 94% of visitors make a 1-second decision, whether to trust or distrust a website based on design and usability? Click here to stop losing subscribers, sales, customers, and clients.

  • Save

Join Over 21,000+ Readers

Get fresh content from Magnet4Blogging delivered straight to your inbox, spam free! Or follow us on social media.
pencilenvelopecamera-videomic linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram
Share via
Copy link