Skip to content

How to change the admin login URL in WordPress website to improve security?

Changing your login URL is one of the easiest and most effective ways to stop automated bots from hammering your site, because they specifically look for wp-admin or wp-login.php.

The safest way to do this is using a lightweight plugin. Manual coding is possible but risky because it involves complex redirects that can break your site if done incorrectly.

Recommended Method: Using “WPS Hide Login” Plugin

This plugin is extremely popular (millions of installs), free, and very lightweight. It doesn’t actually change files in your core WordPress; it just intercepts page requests.

Step 1: Install the Plugin

  1. Log in to your WordPress Dashboard.
  2. Go to PluginsAdd New Plugin.
  3. Search for WPS Hide Login.
  4. Click Install Now and then Activate.

Step 2: Configure Your New URL

  1. Once activated, go to SettingsWPS Hide Login (or sometimes it is located under SettingsGeneral at the very bottom).2
  2. Scroll down to the WPS Hide Login section.
  3. Login URL: In the field next to Login url, enter your new secret word.
    • Example: change it to my-manager, secret-entry, or store-login.
    • Result: Your new login link will be yourdomain.com/my-manager.
  4. Redirection URL: This is where people go if they try to visit the old wp-admin link. You can leave it as 404 (page not found) to confuse bots.
  5. Click Save Changes.

Step 3: Test It

  1. Log out of your website.
  2. Try to visit yourdomain.com/wp-admin. You should see a “404 Not Found” error.
  3. Now visit yourdomain.com/my-manager (or whatever you chose). You should see the login screen.
See also  disable Jetpack’s image/video/...sitemap while keeping the normal (post/page/link) sitemap active

Important Safety Tips

1. Bookmark Your New URL

If you forget the new URL, you cannot log in. Bookmark it immediately after setting it up.

2. What if you get locked out?

If you forget the URL or the plugin conflicts with something else, don’t panic. You can disable it easily via Hostinger if that’s your hosting service:

  1. Log in to Hostinger hPanel.
  2. Go to File Managerpublic_htmlwp-contentplugins.
  3. Find the folder named wps-hide-login.
  4. Rename the folder to something else (e.g., wps-hide-login-disabled).
  5. This forces WordPress to disable the plugin, and your old wp-admin link will start working again immediately.

Leave a Reply

error: Content is protected !!