Using special WordPress plugins allows you to change the WordPress default login URL. Since WordPress brute-force attacks have become more frequent, changing the default login URL will prevent attackers from accessing your admin login form.
Following the steps below you will learn how to change the WordPress default URL using Lockdown WP Admin and iThemes Security plugins.NOTE: Before proceeding with any changes, make sure that you generate a full backup of your website. If you've created your site using Softaculous script installer, feel free to refer to this guide as well (step #4 – Backup software).
Lockdown WP Admin
1. Install and activate Lockdown WP Admin plugin:
2. Go to Lockdown WP panel and enable Hide WP admin feature, enter the desired login URL then:
3. Choose the authentication method below:
If you use one of the HTTP Auth options the plugin will let you also create a secondary WordPress admin details. The secondary password and username would have to be entered in, even if someone guessed your secret login URL. The following authentication pop-up window comes up:
WordPress Login Credentials: selecting this option will prompt you to your normal WordPress admin username and password, prior to gaining access to the actual WordPress admin login page.
Private Usernames/Passwords: if you use it, you can configure a new secondary login from the Lockdown WP > Private Users section.
Save the changes and log out your WordPress Admin console. You should see the new login URL you set, while /wp-admin or /wp-login.php will serve a 404 error page.
iThemes Security
1. Install and activate iThemes Security plugin:
2. Navigate to Security > Settings:
Choose All:
Locate Hide Backend block and hit Configure Settings:
3. Enable Hide Backend feature:
In the Login Slug field, enter your new login location.
Once your changes have been made, click Save All Changes.
Unfortunately, changing the login URL itself is not enough. Since the plugin also updates the Meta widget in WordPress with the new updated URL, it is needed to remove either the whole widget or just the Log in link:
Remove Meta Widget from WordPress
1. Log into your WordPress Admin console and go to Appearance > Widgets:
2. Click on Meta widget, then hit Delete:
Remove the Log in link
1. Log into your cPanel and use File Manager menu.
Navigate to your /wp-includes directory. Right-click on the general-template.php file, then click Edit:
NOTE: make sure that you copy the general-template.php file before performing any changes. You can either download it to your local machine or copy/paste it to another directory within your cPanel.
2. Find the following line in the code:
$link = '<a href="' . esc_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>';
Comment the line with two forward slashes //
3. Put the following code on the next line:
$link = '';
The final code should look like this:
function wp_loginout($redirect = '', $echo = true) {
if ( ! is_user_logged_in() )
//$link = '<a href="' . esc_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>';
$link = '';
else
4. Go to your site. You should now see that the login link is gone from the Meta widget:
That's it!
Need any help? Contact our HelpDesk