How to Hide WordPress Admin URL From The Dashboard?
By default, WordPress login pages can be accessed by adding “/wp-admin” or “/wp-login.php” to the end of a URL. If it’s kept as default, a hacker can identify your login page quickly; they can attempt to guess your username and password to access your Website Admin Dashboard.
In this post, I will guide you through one of the easiest methods to change the wp-admin URL, with the plugin WPS Hide Login and without the plugin by custom code changes.
Method One: Hide wp-login.php Using a Plugin :
WPS Hide Login is an excellent plugin that lets you smoothly and safely change the URL of the login form page to anything you want. It doesn’t directly rename or modify files in core, nor does it add rewrite rules. It simply blocks page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the URL. Deactivating this plugin brings your site back precisely to its previous state.
Let’s see how we can hide the login URL to our custom URL step by step-
Step 4: Now approach the plugin menu and click the “WPS Hide Login” to configure the settings.
Step 5: Now, you can change the login URL as you want to change and click on “Save” to make the changes.
After clicking the “Save Changes” button, your default WordPress site login will be changed to the custom URL you set.
Method Two: Hide the WordPress Login Page Without A Plugin
Using any third-party plugin impacts a website page and security standards; in that case, we can Hide WP Login with a custom code.
Step 1: Take a backup of your current wp-login.php file.
Before you perform these steps, we strongly recommend backing up the current files and database.
Step 2: Create a new PHP login file
Generate a fresh new file using any text editor, and name this file anything you want (e.g……. “secret-login.php,” “private login-zone.php,” etc…. ).
Copy and paste the code from your current wp-login.php file into your new file and save. Or Else, open your wp-login.php file and ‘save as’ your new filename.
Step 3: Find and replace the ‘wp-login.php‘ string in your new file code.
You must now find and replace every instance of ‘wp-login.php’ in the code with your new login filename.
Save the file with the modified code to upload on FTP/Cpanel.
Step 4: Upload your new login file to your server via FTP
Log into your server and upload the new login file to the root folder or directory where you have installed WordPress. Delete the original wp-login.php file from your server.
Step 5: Update the default login and logout URLs.
The final step is to hook into the login_url and logout_url filters to update our file.
Add the following code to your theme’s functions.php (preferably in your child theme):
add_filter( ‘logout_url’, ‘custom_logout_url’ );
function custom_logout_url( $default )
{
return str_replace( 'wp-login', 'secret-login', $default );
}
add_filter( 'login_url', 'custom_login_url' );
function custom_login_url( $default )
{
return str_replace( 'wp-login', 'secret-login', $default );
}
Step 6: Test your new login URL
Test your new login page URL. Anyone visiting the default wp-login.php page will experience an error.
Method Three: WordPress Login URL .htaccess File Hacks
There are methods to ‘hide’ your WordPress login details using the .htaccess file. However, hiding your WordPress login URL doesn’t necessarily mean hiding it from others.
For instance, consider what occurs when you add URL forwarding to your .htaccess file. Always remember to create a full website backup before modifying the .htaccess file.
WordPress Login Page Obscurity With URL Redirection
You can make your WordPress login page more secure by renaming it using the mod_rewrite module in Apache. To do this, add the following line to your .htaccess file (remember to replace ‘privateloginpage’ with your chosen alias and update ‘example.com’ with your domain):
RewriteRule ^privateloginpage$ http://www.example.com/wp-login.php [NC,L]
In this example, we’ll add an alias called ‘privateloginpage’ and reupload the .htaccess file to our server:
Now, go back to the site and enter the new URL.
URL forwarding doesn’t conceal the WP login link; it only provides a workaround. As you can observe, the method mentioned above doesn’t hide the standard WordPress login URL; it simply creates a nickname that makes it easier for users to access their WordPress dashboard instead of using https://yourexample.com/wp-login.php.
Conclusion:
I hope this article post is helpful and makes you understand how you can use the default login to the custom login URL. A few simple steps keep your website 60% safe from the typical malware and phishing attacks on the WordPress site.