You are currently viewing How to protect your WordPress site by changing the login URL

How to protect your WordPress site by changing the login URL

Why is it important to change the URL of the login page on the back end of your WordPress site?

First of all, this principle is based on certain security criteria. For example, malicious strangers who try to attack a site will first check the details of the platform on which it is created. That’s why one of the first actions these people can take is to type the slug / wp-admin at the top of a browser at the end of a URL. If the site is written in WordPress, this slug added to the URL will automatically call the login page created via the login.php file.

In other words, changing this slug could mislead attackers into believing that the site is created on another platform. However, even in situations where potential attackers already know that the site is made on the WordPress platform, they will not be able to easily guess the new slug added. This change behaves as if you were adding a new login password.

In this article I will show you how to protect yourself from such attempts to connect to various foreign sites by creating a new login file and redirecting the “/ wp-admin” slug to a 404 error page. , anyone who tries to log in to the site will be unable to find the page they are looking for.

How to change the URL of the site login page created in WordPress?

The first thing you need to do in this regard is to connect to the Cpanel panel or via FTP to be able to see the files of the site, from the main directory (this is usually public_html). Here you will find a file called login.php. Before making any changes you will need to back up this file to make sure that you do not lose it completely in case something goes wrong.

After backing up the login.php file, you will need to choose a name that you want to use to replace the “/ wp-admin” slug. For example, suppose you choose the name “login2”, but it can be any other, as difficult as it is to guess by people who want to discover it.

In order to use the new name chosen by the login page as a server, you will need to perform the following steps:

  • rename the login.php file with the chosen name (in our case “login2.php”)
  • open the login2.php file for editing and hold down the “ctrl” key, during which time you will briefly press the “f” key.
  • After you have done this, you will see the following window appear on the page:
  • type “login.php” in the first field of the window that appears and “login2.php” in the second field entitled “replace with”.
  • Press the “Enter” key. This will replace the login page address in the login2.php page code.
  • Open the functions.php file from the active theme folder, following the path “public_html / wp-content / theme / active-theme-name / functions.php”
  • At the bottom of the file, enter the following code from which you can replace login2.php with the name you gave to the login file:
add_filter( 'login_url', 'custom_login_url', PHP_INT_MAX );
function custom_login_url( $login_url ) {
	$login_url = site_url( 'login2.php', 'login' );	
    return $login_url;

After you have followed all the above steps, the address of the login page on the site will be: Also, anyone who tries to log in using “” or “” will be redirected to the 404 error page.


Whenever you update the WordPress platform or the active theme to a new version, you will need to repeat some of the steps above, as the updates rewrite the files. If you only updated the theme, you just need to re-add the above code to the theme’s functions.php file.