Are you a WordPress user and thinking of changing your WordPress website login URL for additional security? If yes, then this article is for you. Below we have shared step-by-step instructions about how you can change your WordPress website login URL.
In today’s world of digitalization, most businesses are going online. As we all know, most websites are designed with the help of WordPress because it is straightforward to use; WordPress is already a secure platform, but still, it is essential to take care of your WordPress website’s security.
Talking about things you can do to make your website more secure includes hosting your websites with a trusted hosting provider, keeping all themes and plugins up to date, and installing a security plugin. But do you know? Just by changing the WordPress login URL, you are making your website 50% more secure.
Yes, you heard right!
Your WordPress website will become 50% more secure when you change its default login URL, which is “yoursite.com/wp-admin”. But now the question arises, how is the custom login URL responsible for security when we have a login ID and password?
Well, the answer is because of a Brute-force attack!
For those who don’t know, a Brute-force attack is the type of hacking attack in which a hacker tries to login into your website with the guessed passwords. With advanced automation, the hacker will try millions of different password combinations on your website, and in some conditions, they will succeed in accessing your website admin area.
But a Brute-force attack can not be performed without knowing the correct login page, so that’s how your WordPress website becomes more secure just by changing the website’s login URL. We highly recommend you to take the backup of your WordPress website before starting with the actual process, here is how you can do it.
How to Backup WordPress Websites?
It is easy to take the backup of the WordPress website; below, we have shared the step-by-step instructions to be done with it. Follow the instructions carefully.
First of all, you need to log in to your WordPress website, open your favorite web browser and go to your website’s login page. Enter the correct login ID and password, then click on the Login button, and you will be redirected to the WordPress admin area.
Now go to the Plugin>> click on Add New and search for “UpdraftPlus WordPress Backup Plugin.” Once you find the plugin, click on Install and Activate the plugin.
After activating the plugin, go to the Updraft setting page and configure the plugin. You can set the automatic backup after a specific interval of time. The backup created with the plugin can be stored on many remote storage spaces, including Google Drive and Dropbox.
You can configure your available remote space to store the back and create the backup of your website manually for the first time by clicking on the big blue Backup Now button. Your backup will be saved to configured remote storage automatically.
Ways to Change WordPress Login URL
It is straightforward to change the WordPress login URL. What you need to do is just follow a few steps, and you are done. WordPress login URL can be changed in 2 different ways,
- Using a WPS Hide Login Plugin
- Making Changes in Core WordPress files
Below, we have shared step-by-step instructions about how you can change your website’s login URL with or without the plugin. Follow the below instructions carefully. But before starting with the actual process, make sure you have taken the complete backup of your website.
How to Change WordPress Login URL Using a WPS Hide Login Plugin?
WPS Hide Login is the free plugin to change the WordPress login URL. Here is how you can configure it.
First, you need to install the WPS Hide Login plugin on your WordPress website. For that, log in to your WordPress website using a correct login ID and password, then go to the Plugin >> click on Add New and search for “WPS Hide Login.”
Once you get the plugin, click on Install and then Activate the plugin. Go to Setting >> General and scroll down the page; you will find the option to change your login page URL.
You will not only get the option to change the login URL, but you can also redirect your old login URL, which is “yoursite.com/wp-admin.” to a custom page.
Enter the word you want to keep as the login URL in the Login URL field and enter the URL on which you want to redirect the user after visiting your old login URL, which is “/wp-admin” in the Redirection URL field. Click on Save Changes, and you are done.
Note: When you activate the WPS Hide Login plugin, your WordPress website’s login URL will be automatically changed to “yoursite.com/login.”
Now you know how to change the WordPress login URL using WPS Hide Login. WPS Hide Login is quite simple and easy to use, but it only provides you with the option to change the login URL.
Your website will not become fully secured just by changing the login URL, so we recommend installing another freemium plugin called iTheme Security. The paid version of this plugin is also available, but as a normal user, the free version is sufficient for you.
Install iThemes Security for Additional Security
Install the iTheme Security as you have installed the WPS Hide Login plugin. First of all, login to your WordPress website, Go to Plugin >> Click on Add New and search for iTheme Security.
Click on Install and Activate once you find the plugin. After activation, you will get a new option as Security below Settings, click on it, follow the setup wizard, carefully read all the options, and enable them. This plugin provides you with below security options,
- Two-Factor: Two factors authentication increase the security of your website in a realistic manner. At the time of login, the user needs to provide additional information than username and password.
- Local Brute Force & Network Brute Force: Using this option, you can protect your website from brute force attacks. The plugin will immediately block the users who try to log in more than 5 times or use “admin” as a username.
- File Change: When you activate this option, the iTheme Security plugin will monitor any changes made in the core WordPress file.
There are a few more security options, but they are not so important. The pro version of iTheme Security comes with hundreds of advanced security options. This will also allow you to change the WordPress login URL, which means if you have iTheme Security Pro, you don’t need to install WPS Hide Login.
Best Plugins to Change WordPress Login URL
There are hundreds of plugins that allow you to change WordPress login URLs, some of them are free, and few advanced security plugins are paid. Below we have listed the best free alternatives to WPS Hide Login and Loginizer.
1. Hide My WP Ghost Plugin
Hide My WP Ghost is one of the best and free security plugins. It was developed by WPPlugins. As with WPS Hide Login, this plugin is not just to change the login URL, you can do lots of security optimizations with it. The paid version of the plugin is also available, which comes with some advanced features.
Talking about stats, this plugin has secured more than one lack of websites and protected them from 1,600,000 brute force attempts all across the globe. It will offer you complete protection from brute force attacks and SQL injection, XML-RPC attacks, and script injection by adding filters and security layers on your WordPress website.
Some Cool Features:
- Compatible with WP Multisite, Apache, Litespeed, Nginx, and IIS
- Hide all the common WordPress paths
- Change URLs in Ajax calls
- Change CDN URLs using CDN Mapping
2. All In One WP Security & Firewall
This is another excellent alternative for WPS Hide Login. It is a pretty advanced plugin, offering you lots of advanced security options as this plugin will detect any user account with a default “admin” username. It will not just detect but also provide you with the option to change it.
Another cool feature of the plugin is its password strength tool which provides you with the features to create a solid password. It will also stop user enumeration so that no one, a user or bot, cannot find users’ info by using the author permalink.
Some Cool Features:
- Protect your PHP code by disabling file editing
- Ban users by specifying IP addresses
- Ban users by specifying user agents
- Block access to debug log files.
How to Change WordPress Login URL by Making Changes in Core WordPress File?
If you’re not comfortable in using plugins for changing the login URL of your website, then you can do it by editing the core files in your WordPress.
Here we’re sharing the ways to do so;
1. Changing the .htaccess File
To change the login URL, you need to initially access the root folder of your WordPress website via FTP or using the hosting control panel. You can log in to your server control panel using the correct user ID and password, or you can log in to FTP using free software like Filezilla.
If you don’t know the FTP details or hosting credentials, we suggest you check the welcome email you get from your hosting provider when purchasing the hosting, or you can also connect with their technical support and ask for credentials.
After that, log in to your server and go to the particular website directory. You will find the .htaccess file over there. If you are using the hosting control panel, you can edit the file online, but you need to download the file and edit it if you are using the FTP.
Open the .htaccess file for editing and add the below code at the bottom of your file.
You need to replace several elements to achieve protection and change the login URL.
- Change “yoursite.com”: First, you have to change “yoursite.com” with your original domain name on all the places.
- Custom_admin_URL: This is your current URL after changing. This URL is to log in to the admin site. Here you can try out making your address like the_guidex, or many more. But make sure to be as much as unique as possible. There are many chances that Bots can accumulate popular addresses.
- Secret_Key: The secret key is a combination of alphabets and numbers. Set the secret key and save it security so that you can use it in the future.
Note: This mode of changing URL is only for Apache Servers; it will not work for you if you use any other web server.
2. Editing the wp-login.php File
Editing the wp-login.php file is one more approach to changing the WordPress login URL. As with .htaccess, you need to have hosting or FTP access for editing the wp-login.php file.
Login to your hosting or FTP account. You will find a file named wp-login.php. Download the file for editing if you are using an FTP connection or if you are using the hosting control panel; you can edit it online, right-click on the file, you will find the option to edit over there.
Now edit the file using the hosting editor or notepad, go to the Find option, or press Ctrl + F to open the find function. Search for “wp-login” and replace it with the word you want to use as the custom login URL of your WordPress website, for example, “custom-login.”
Save the file and rename the file name from wp-login.php to custom-login.php. You need to upload the file on the webserver if you are editing it by downloading the file.
Done that’s how you can change the WordPress login URL by editing the wp-login.php file.
How To Go Back To The Original WordPress Login URL?
Sometimes because of plugin or theme capability issues, WordPress login redirection doesn’t work in the way you want. Even in some conditions, you will be unable to login into your website. In this condition, the only way you can get access to your website back is by going back to the original WordPress login URL.
To go back to the original WordPress login URL, you need to delete the plugin you have used to change the login URL. It can be done only if you have hosting or FTP access. Below we have shared the step-by-step instructions to do it.
First of all, log in to your hosting account or FTP using a free FTP client like FileZilla. Now search for the file manager in your hosting panel and go to the particular websites directory.
You will see the folder as WP Content in it, open the folder and click on Plugins, and here you will find the file or folder of the particular plugin (Here in my case, I have used the WPS Hide Login plugin to the login URL)
Just delete the plugin folder, and your WordPress login URL will go back to the default wp-admin and wp-login page.
Risks When Changing Your WordPress Login URL
It is recommended to change the login URL of your WordPress website, but some users may face the following problems.
1. Plugin Malfunction
After changing the login URL, some users face the problem of plugin malfunction. This happens when you install an outdated plugin, or because of the capability issue, your login page might be unavailable because of it.
You can avoid this problem just by using the updated plugin. You will see that the particular plugin is compatible with your version of WordPress or not when you install the plugin from the WordPress repository.
We highly recommend you check the user reviews before installing any plugin on your website. WPS Hide Login is the most recommended plugin when it comes to changing the login URL of your site.
2. You Forget the URL
It’s common for most users to forget the login URL after changing it, so we highly recommend you to bookmark the new login page and share it with your team members so that your team will not have a problem with the login.
That’s how you can change the login URL of your WordPress website. We have shared both ways to change the WordPress login URL with or without the plugin.
Talking about our recommendation, we suggest you go with the plugin way as it is easy, but if you are a techy guy and comfortable with the server interface, you can do it by making changes in the core WordPress files.
Remember one thing, changing the WordPress login URL will not make your website fully secure. You need to take other essential security measures with it.
We hope this article about changing the WordPress login URL is helpful to you. Do share this content on social media if you find it useful for you in any manner.
Please stay connected with us for such informative content.