Fabrizio Van Marciano

available for hire

How To Change The Login URL In WordPress (Security Hack)

This little tutorial should help you add an extra layer of security to your WordPress website. Let’s see how we can change the login URL in WordPress.

A while back I discovered another useful little plugin that enables the change of the login URL in WordPress. I actually use this plugin here on FVM and also on my online course platform. This is definitely a plugin I recommend installing.

One of the things I started noticing over the last twelve months or so was the number of failed login attempts being made by non-registered users of my site.

As you know, FVM is also a membership site, and my course website also has over 400 registered students. So, security is a HUGE priority for me.

But even with the Limited Login Attempts plugin enabled, the failed login attempts were getting too high.

Are you experiencing the same issue with your website?

If you’re reading this right now and you’re experiencing exactly the same kind of issues with your WordPress site or maybe you also manage memberships as I do, the good news is that you can secure your site just a little more –

Here are some options:

  1. Disable user registration (probably not a good idea if you manage members)
  2. Change the URL of the login page

So, the first obvious thing you can do is disable user registrations entirely. However, that’s not a valid solution if you depend on your users subscribing to your site to use certain features or to access premium content.

The other option you have is to completely change the URL login name, i.e. changing the URL permalink to a different path instead of this –

Example: https://yourwebsite.com-wp-login.php

Bingo! That’s exactly what we’re going to do and I’ll show you how.

Plugins needed for the job

So, the easiest way to change the login URL in WordPress is to use a plugin. You could use some custom code but that’s not really user-friendly.

There are a few of them dotted about in the WordPress repository. Unfortunately, though, most of them are no longer maintained.

The two plugins I recommend checking out are the following –

  1. Limit Login Attempts Reloaded [Link]
  2. WPS Hide Login [Link]

The plugin we’re going to use here is the WPS Hide Login. This is the plugin that I use on my course membership website. I don’t use it on this site because, for some strange reason, it conflicts with the MemberPress membership login page. I do have other securities in place, however, such as 2FA SMS authentication which I’ll show you how to set up in a future tutorial.

OK, so before you start using the WPS Hide Login plugin, I want to give you a few important tips for changing the URL structure of your login page.

  1. Change the URL to something memorable: Change your new login URL to something that you and your site members will easily remember, yet something that will not be so obvious for unwanted visitors to guess. For instance; /login-page/ is pretty obvious so try and avoid using ones like that. You could instead use something like /jump-on-board/ or /let-me-in/ or /members-only-page/. I’m sure you can think of a few better ones. If you don’t require users to log in to use your site, you can change the URL to something more complex. But remember that YOU still have to remember it for your own use.
  2. Write it down: Make sure you write the new login page URL path somewhere until you remember it by heart. Or, simply bookmark it somewhere on your computer.

OK, let’s get started.

1. Installing the WPS Hide Login plugin

If you’re familiar with WordPress then this is pretty straightforward stuff. If you’re new to WordPress and still learning, here’s what you have to do –

From the back end of your site (WordPress Admin area), head over to Plugins > Add New, and do a search for “WPS Hide Login“. See the screenshot below.

How to change the login URL in WordPress

You will see the WPS Hide Login for the first choice. Make sure it is compatible with your version of WordPress before installing.

2. Configuring the WPS Hide Login plugin

The next step is to make one simple configuration. Yep! Just one…

Head over to Settings > WPS Hide Login. Scroll down to the bottom of the page until you see the option to add a new string to the login page. See the image below.

Simply add a new URL extension of your choice in the box provided, then add the extension you’d like to have the old login page redirect to. For example, you could redirect it to your 404 page. Once you’re done hit save.

That’s it you’re all done! How easy was that?

What happens to your wp-login.php URL extension?

If you now try accessing the old login page wp-login.php URL of your site, you should be redirected to whatever page you entered in the redirection URL. I have mine redirected back to my 404 page.

If you want to add even more security to your login page, the Limit Login Attempts Reloaded is something to consider if you haven’t already done so.

Also, do let me know if this has worked for you. I’d love to know. You can get in touch with me via the contact page here.

Is your website sending visitors away? Did you know that 94% of visitors make a 1-second decision, whether to trust or distrust a website based on design and usability? Click here to stop losing subscribers, sales, customers, and clients.

Get access to my courses and expert tutorials!

Everything you need to design your website with WordPress, Oxygen, Bricks Builder, Bricks Builder, plus over 100 video tutorials, code snippets, templates, Discord Community, and more.

Join Van Marciano Pro