Blog Posts

How to: Change WordPress Login URL

14 Oct How to: Change WordPress Login URL

One really easy way to hack a WordPress site is to append /wp-admin (or /wp-login.php) on the end of the URL, and get to the standard login screen. This is the default WordPress login URL for all out-of-the-box installs (meaning you downloaded WordPress or used a one click installer to install WordPress.)

Plugins like Limit Login Attempts are good for limiting the number of attempts (so someone can’t just keep guessing the username and password over and over and over and over until they get it right), but often times letting people get to the login screen in the first place is problematic. There’s all sorts of problems more experienced WordPress developers can use to gain access to your backend.

So in addition to limiting login attempts for anyone who may land on your login page, lets make it even harder by changing the login URL. Thus, instead of logging in at (or wp-login.php), we’re going to change that to For this, you’re going to have to know how to use an FTP client to move files, and a text editor to do some basic editing (the default editor should be fine).

We’re going to move WordPress into a “login” directory (but you can call that anything you want), so you’ll login at For this tutorial, I’m going to assume that your site is the root (ie NOT

  1. Login to your FTP client, and create a new folder. Usually as simple as right clicking. Name it “login” (or whatever you like).
  2. Go to your Settings tab in the backend of your WordPress dashboard.
  3. In the WordPress Address (URL) box, enter: and click save changes at the bottom
  4. OH NO MY SITE JUST BROKE. Settle down, that’s supposed to happen. Move all the WordPress core files to the new folder you just created.
  5. Copy (don’t move) the index.php and .htaccess files from the folder you just moved everything to, into the root (one level up from the folder you just created)
  6. Open your root directory’s index.php file in a text editor and replace the line that says “require(‘./wp-blog-header.php’)” with “require(‘./login/wp-blog-header.php’)”
  7. If you didn’t make a folder called login, that change that word to match the folder you did make.

And that’s it! Now you can login at and all changes will be reflected on You may have to change a few things such as permalinks, but other than that the backend of your WordPress site should be exactly as it was before.

No Comments

Leave a Reply