How to Hide WordPress Admin URL From The Dashboard?

KB Viewed: 800
0 0

How to Hide WordPress Admin URL From The Dashboard?

By default, WordPress login pages can be accessed by adding “/wp-admin” or “/wp-login.php” to the end of a URL. If it’s kept as default, a hacker can identify your login page quickly; they can attempt to guess your username and password to access your Website  Admin Dashboard.

In this post, I will guide you through one of the easiest methods to change the wp-admin URL, with the plugin WPS Hide Login and without the plugin by custom code changes.

Method One: Hide wp-login.php Using a Plugin :

WPS Hide Login is an excellent plugin that lets you smoothly and safely change the URL of the login form page to anything you want. It doesn’t directly rename or modify files in core, nor does it add rewrite rules. It simply blocks page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the URL. Deactivating this plugin brings your site back precisely to its previous state.

Let’s see how we can hide the login URL to our custom URL step by step-

Step 1: Install the WPS Hide Login plugin on your WordPress website. Hover over the plugin and then click on “Add New.”
Step 2: Once you are on the plugin dashboard page, in the search box, type the “WPS Hide Login.” The plugin will appear, and click on the “Install Now” button to install the plugin.
Step 3: Once you install the plugin, the next step is to activate that plugin.

Step 4: Now approach the plugin menu and click the “WPS Hide Login” to configure the settings.

Once you lock on the WPS Hide Login, it redirects you to the plugin dashboard on the window screen, where you can change the login URL.

Step 5: Now, you can change the login URL as you want to change and click on “Save” to make the changes.

After clicking the “Save Changes” button, your default WordPress site login will be changed to the custom URL you set.

Method Two:  Hide the WordPress Login Page Without A Plugin

Using any third-party plugin impacts a website page and security standards; in that case, we can Hide WP Login with a custom code.

Step 1: Take a backup of your current wp-login.php file. 

Before you perform these steps, we strongly recommend backing up the current files and database.

Step 2: Create a new PHP login file

Generate a fresh new file using any text editor, and name this file anything you want (e.g……. “secret-login.php,” “private login-zone.php,” etc…. ).

Copy and paste the code from your current wp-login.php file into your new file and save. Or Else, open your wp-login.php file and ‘save as’ your new filename.

Step 3: Find and replace the ‘wp-login.php‘ string in your new file code.

You must now find and replace every instance of ‘wp-login.php’ in the code with your new login filename.

Save the file with the modified code to upload on FTP/Cpanel.

Step 4: Upload your new login file to your server via FTP

Log into your server and upload the new login file to the root folder or directory where you have installed WordPress. Delete the original wp-login.php file from your server.

Step 5: Update the default login and logout URLs.

The final step is to hook into the login_url and logout_url filters to update our file.

Add the following code to your theme’s functions.php (preferably in your child theme):

add_filter( ‘logout_url’, ‘custom_logout_url’ );

function custom_logout_url( $default )
{
return str_replace( 'wp-login', 'secret-login', $default );
}
add_filter( 'login_url', 'custom_login_url' );
function custom_login_url( $default )
{
return str_replace( 'wp-login', 'secret-login', $default );
}

Step 6: Test your new login URL

Test your new login page URL. Anyone visiting the default wp-login.php page will experience an error.

Method Three: WordPress Login URL .htaccess File Hacks

There are methods to ‘hide’ your WordPress login details using the .htaccess file. However, hiding your WordPress login URL doesn’t necessarily mean hiding it from others.

For instance, consider what occurs when you add URL forwarding to your .htaccess file. Always remember to create a full website backup before modifying the .htaccess file.

WordPress Login Page Obscurity With URL Redirection

You can make your WordPress login page more secure by renaming it using the mod_rewrite module in Apache. To do this, add the following line to your .htaccess file (remember to replace ‘privateloginpage’ with your chosen alias and update ‘example.com’ with your domain):

RewriteRule ^privateloginpage$ http://www.example.com/wp-login.php [NC,L]

In this example, we’ll add an alias called ‘privateloginpage’ and reupload the .htaccess file to our server:

Now, go back to the site and enter the new URL.

URL forwarding doesn’t conceal the WP login link; it only provides a workaround. As you can observe, the method mentioned above doesn’t hide the standard WordPress login URL; it simply creates a nickname that makes it easier for users to access their WordPress dashboard instead of using https://yourexample.com/wp-login.php.

Conclusion: 

I hope this article post is helpful and makes you understand how you can use the default login to the custom login URL. A few simple steps keep your website 60% safe from the typical malware and phishing attacks on the WordPress site.