How to Change WordPress Login Page URL – 5 Best Plugins
If you change the standard site login page URL to wp-login.php
something unique, an attacker will not be able to guess the login and password for your site, since he will not find a page where this can be done.
In this article, you will learn how you can change the WordPress admin login page URL and block access to the standard wp-login.php login page using a plugin. In advance, you also learn about how to Change WordPress Login Page URL by HTML Codes.
Plugins that can change the address of the authorization page on the site can be divided into 2 groups:
- Plugins that only do this task,
- Great security plugins that help not only with this problem, but many others as well.
Let’s know about best Plugins to change wordpress login URL.
1. WPS Hide Login
A lightweight plugin that changes the address of the login page to the site, and closes access to wp-login.php and wp-admin .
It does not change the name or content of files in the WordPress core, nor does it add rules to .htaccess .
The plugin intercepts calls to wp-login.php or wp-admin and sends a request to a new page. After removing plugin, the site login page returns to wp-login.php.
2. WP Hide Security Enhancer
In addition to the site login pages, the plugin hides the WordPress core files, the paths to plugins and themes, and other facts of using WordPress.
3. Cerber Limit Login Attempts
Plugin for restricting authorization attempts on the site with the function of changing the authorization page address.
Restricts the use of XML-RPC or requires the use of cookies for authorization. The plugin has black and white lists, it can report events on the site via e-mail.
4. All In One WP Security & Firewall
A large site security plugin that has a function to change the login page.Transfers the login page to any other, puts a 404 error on the standard wp-login.php page.
5. iThemes Security (formerly Better WP Security)
Another great plugin that, among its many functions, has the function of changing the login page to the site. It transfers the authorization page to any other and redirects the standard wp-login.php page to a 404 page or any other.
Change WordPress Login Page URL by HTML Codes
According to a Sucuri study, 40 million WordPress sites are exposed to brute-force attacks every day. One way to protect your site from such attacks is to change the site’s login page.
If an attacker does not know where the site’s login page is, he will not guess the username and password.
In this article, you will learn two ways to create a new login page instead of the default one wp-login.php with a few code lines.
Applying these methods takes a few minutes and does not require a plugin to be installed.
Make a backup
To change the login page, you need to make changes in the .htaccess file. An error in one letter can crash the entire site, so make a backup of the .htaccess file and the theme folder.
A backup can be done on a hosting or using a plugin. Make a full backup or check that the last automatic backup was after the site’s last changes.
If you have visitors to your site, you can test changing the authorization URL on a local or tech site.
In the first method, you will make changes in the .htaccess file. In the second, changes in the .htaccess and functions.php files. After that, you will need to disable access to the old login page in the admin panel … / wp-login.php.
The .htaccess file is located in the site’s root folder; the functions.php file is located in the theme folder.
How to change the login page in WordPress (Code Methods)
Here are 2 methods to change the WordPress login URL by putting some codes.
Method: 1
Editing the .htaccess file
Add the code at the beginning of .htaccess in a single WordPress installation and after these lines in a Multisite installation:
RewriteEngine On
RewriteBase /
RewriteRule ^ index \ .php $ - [L]
Add this code:
# BEGIN Hide login page
RewriteRule ^ myloginpage11 $ https: // % {SERVER_NAME} /wp-login.php?key=123456qwerty&redirect_to=https://% {SERVER_NAME} /wp-admin/index.php [L]
RewriteCond % {HTTP_REFERER} ! ^ Https: // % {SERVER_NAME} / wp-admin
RewriteCond % {HTTP_REFERER} ! ^ Https: // % {SERVER_NAME} /wp-login.php
RewriteCond % {HTTP_REFERER} ! ^ Https: // % {SERVER_NAME} / login
RewriteCond % {QUERY_STRING} ! ^ Key = 123456qwerty
RewriteCond % {QUERY_STRING} ! ^ Action = logout
RewriteCond % {QUERY_STRING} ! ^ Action = lostpassword
RewriteCond % {REQUEST_METHOD} ! POST
# END Hide login page
Change myloginpage11
in line 2 to your address where you want to have the site login page. If you do not change anything, the site login page will be MyLoginPage.com/myloginpage11
.
Change 123456qwerty
in lines 2 and 7 to something of your own. This is a secret key that can contain only Latin letters and numbers.
Save the file and check the site. If you get a 500 server error, then you’ve made a mistake somewhere. Review your changes or start over.
If the site works, but the changes did not apply, reset your browser cache and try again.
Method: 2
Edit the .htaccess and functions.php file
Paste the code at the very beginning of the .htaccess file in a single installation, or after these lines in a multisite installation:
RewriteEngine On
RewriteBase /
RewriteRule ^ index \ .php $ - [L]
Add this code:
RewriteBase /RewriteRule ^ myloginpage22 $ wp-login.php
Replace myloginpage22
with your address. If you leave it as it is, then the new site login address will be XYZ.
com/myloginpage22
.
Save the file and check how the site works. If you have a 500 error, try to find the error or start over.
After that, you can start using this login address in the admin panel, but if you want WordPress to start using this address everywhere as the login address to the site, you need to add a snippet to the functions.php file of the child theme or add a code to the plugin that will add the code to current topic.
Add this code to functions.php :
<? php // Remove if not needed
add_filter ( 'site_url' , 'wplogin_filter' , 10 , 3 );
function wplogin_filter ( $ url , $ path , $ orig_scheme )
{
$ old = array ( "/(wp-login\.php)/" );
$ new = array ( "myloginpage22" );
return preg_replace ( $ old , $ new , $ url , 1 );
}
Code from the WordPress tech support forum . Change myloginpage22
to your URL that you added to .htaccess .
Everything is ready, you can check. Add a widget with meta information to your sidebar and click on the login link.
If you did everything correctly, you should be taken to a new login page for the site.
Conclusion!
From a security perspective, it’s a great idea to change your WP-admin.php login URL to make it hard and secure for hackers to guess. This will strengthen the security of your WordPress website or blog to a great extent.
At the same time, if you are running a multi-author blog or using it in a way where you & others need to regularly interact with the login & registration page, use the other plugins to change the URL.
The second option is optional, however, I recommend you implement the first option (change your wp-admin URL with plugins) right away for improved security for your WordPress website.
If you have any question or suggestion then feel free to comment us.
Hey Vishal Meena ,
Awesome post as usual. Your hard-work and researches are truly appreciable.
Glad to say that you have introduced helpful plugins to change the wordpress login url. You have presented each plugin in an impressive way along with all the crucial & necessary information that are true enough to understand. Your each plugins are effective to use and offers astonishing features But according to my beliefs & opinion WPS hide login, WP Hide security Enhancer, Cerber limit Login Attempts and All-In-One Wp security & firewall are really great plugins. Using these plugins will helps a lot.
Your included code methods to change the login page in wordpress are also helpful But According to me using the plugins will be more easier.
After going through this complete guide i really got helpful ideas regarding each plugin and have also boosted my knowledge.
Eventually thanks for sharing your ideas, knowledge and such a helpful post.