How to Change WordPress Login URL Manually (4 Easy Steps)

By default, WordPress login pages have a predictable URL structure (usually ending with “/wp-admin” or “/wp-login.php“), making them susceptible to brute-force attacks. Hackers often target these login pages to gain unauthorized access to websites.

Changing the login page URL adds an extra layer of security by making it harder for attackers to find the login page. It obscures the standard login URL, making it more challenging for automated bots to locate and exploit it. This simple change can significantly reduce the risk of unauthorized access and enhance the overall security posture of a WordPress website.

If you are a website administrator and want a bit of peace of mind by knowing that your login pages are not easily accessible to malicious entities, you can follow this tutorial to manually change your WordPress login page from “/wp-login.php” to unique path of your choice, such as “/safe-access.php“.

Changing WordPress Login Page Manually

To change the WordPress login page without relying on a plugin, you need to modify the WordPress core file. It’s essential to create a backup of your WordPress files using a plugin or your hosting backup feature before proceeding.

When you’re prepared, begin by accessing your WordPress files through an SFTP connection or your hosting site’s file manager. (This tutorial employs FileZilla as the FTP client and Visual Code Editor as the code editor.) Once you’re connected, follow the steps below.

Step 1: Copy the Code from wp-login.php File

Begin by locating the wp-login.php file which can be found at the top level of a WordPress installation (usually inside the public_html folder).

Open up the file by double-clicking it if you are using the host file manager, or download it if you are using an FTP client. Once you open the file, copy all the code from it.

Step 2: Paste the Code on a New File (New URL)

Now, create a new file in the same directory as the wp-login.php file. Assign a unique name (safe-access.php for example) for the new file which will become a new path for your login page.

Continue by editing the file to paste the copied code from the wp-login.php file.

Step 3: Replace All String “wp-login.php” with New File name

After pasting the code into the file, utilize the code editor’s ‘find and replace’ feature to replace every instance of wp-login.php in the file with your new login file name (in this case, safe-access.php). Save the changes made to the file afterward.

Replace wp-login.php with safe-access.php
Save and upload the file back to the server

Step 4: Test Out Your New Login URL and Delete the wp-login.php FIle

At this point, you should be able to access your website’s login page using the new path you have created, as demonstrated in the following illustration.

Once you’ve made sure your new login page is functioning correctly, you can delete the wp-login.php file. By doing so, any HTTP request to the /wp-login.php, or /wp-admin will lead to a 404 not-found page.

Delete the wp-login.php
/wp-admin Page can’t be found

The Bottom Line

Changing the default WordPress login page URL, which is often predictable and susceptible to attacks, provides an additional layer of security. Hackers commonly target these pages for unauthorized access. Altering the login page URL makes it challenging for attackers to locate and exploit, reducing the risk of unauthorized access and enhancing overall website security. Website administrators can follow this tutorial to manually change the login page URL, offering peace of mind by ensuring that login pages are not easily accessible to malicious entities.

In addition, you can also add Cloudflare Turnstile and Google ReCAPTACHA to your site’s login form to add extra securiry layer.

This page may contain affiliate links, which help support our project. Read our affiliate disclosure.
Hendri Risman

Hendri Risman

Hendri is a WordPress expert and a writer staff at WPPagebuilders. He writes solutions on how to get things fixed in WordPress a lot. Mostly without involving a plugin.
Want to save yearly expense up to $219? why not?

Leave a Comment