You’re no doubt aware how important security is to your WordPress site. In fact, you’ve probably heard plenty of advice on the subject – including that you should change your WordPress login page URL. However, you may not be sure why or how to do that.
Changing your login page URL is a simple but effective security technique that can help keep hackers out. After all, a unique, difficult-to-guess URL is harder to locate. This means people are less likely to gain access to your site unless you want them to.
Why it’s smart to change your login page URL
You know the page – unless you customize your login page, it looks something like this…
By default, WordPress sites all use identical URL structures for this page. If your website’s domain is www.mysite.com, for example, you can log in by visiting www.mysite.com/wp-login.php or www.mysite.com/wp-admin.
This makes it easy to remember how to access your site. However, the downside is that anyone who knows the first thing about WordPress can find your login page quickly. Once they’ve located it, hackers can get busy trying to break in. If you change the URL to something hard to guess, on the other hand, you’ll slow those same hackers down by making your login page harder to find.
Additionally, changing your login page URL has a secondary benefit in that it can eliminate a lot of resource-wasting bot traffic to your site.
Why you shouldn’t change your login page URL manually
Below, we’ll walk you through the process of changing your login page URL using a plugin. However, in some cases you may be tempted to complete this task manually (for instance, if you want to limit the number of plugins you install on your site).
While you can use File Transfer Protocol (FTP) or another method of accessing your site’s files directly to sort of make this change, this is not a good idea for a couple main reasons:
- Every time you update WordPress, it will recreate the login page file. This means you’ll need to change the URL all over again.
- Manually changing your login page URL can create errors with your logout screen, and cause other issues with important site functionality.
In general, we recommend not altering your site’s core files if you don’t have to. Doing this can have unintended consequences. Fortunately, there’s a better way of hiding your login page.
How to change your WordPress login page URL using a plugin
We should emphasize that this technique won’t prevent hacking completely. However, it does provide an extra layer of security for your site. Changing your login page URL is best used in combination with other methods of protecting your admin area, such as implementing Two-Factor Authentication (2FA) and limiting the number of login attempts allowed.
To change your WordPress login page URL, we recommend WPS Hide Login:
This is a lightweight solution that gets the job done simply and quickly. What’s more, it’s popular, has excellent reviews, and receives regular updates from the developer.
After those tasks are done, navigate to Settings > General in your WordPress dashboard.
If you scroll to the very bottom of the page, you’ll find a new section labeled WPS Hide Login:
This option will enable you to create a new URL for your login page by typing it into the field after your website’s domain name. Your best bet is to choose something random, as you would for a password (for example, a string of numbers and letters). Just make sure you record the new URL somewhere secure, so you don’t lose access to your site.
When you’re happy with the new URL, click on the Save Changes button.
From now on, you’ll be able to use this address to log into your site, and the default URL will be disabled. If for some reason you ever want to reverse this process, just deactivate WPS Hide Login, and the URL will return to normal.
WordPress is a very secure platform, but there are always steps you can take to further protect your website. Changing your login page URL is a small tweak that – when implemented as part of a comprehensive security plan – makes it more difficult for hackers and spammers to gain access.
Furthermore, using this technique is surprisingly simple. In fact, it will only take you a few minutes if you use the right tool. By installing a plugin like WPS Hide Login, you can alter your login page’s URL through your dashboard settings, and see the change take effect immediately.