3 Ways to Change WordPress Login URL

Reading time: 6 min read
Syed Balkhi
Written by
Syed Balkhi

Updated · Nov 16, 2023

Syed Balkhi
Entrepreneur. Investor. | Joined August 2023 | LinkedIn
Syed Balkhi

Syed Balkhi is the founder of WPBeginner, the largest free WordPress resource site. With over 10 yea... | See full bio

April Grace Asgapo
Edited by
April Grace Asgapo


April Grace Asgapo
Joined June 2023 | LinkedIn
April Grace Asgapo

April is a proficient content writer with a knack for research and communication. With a keen eye fo... | See full bio

Techjury is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.

WordPress is used by more than 810 million websites globally. Due to its popular demand, the platform is susceptible to hacking. 

It’s a safe guess that 4.7 million WordPress sites are hacked every year. This equates to 13,000 sites being compromised daily. Some of these incidents are due to brute force attacks.

Changing your WordPress login URL is one great way to avoid online threats like brute force attacks. Fortunately, there are three simple and effective ways to do this. 

Dive in. 

Brute Force Attacks on WordPress Login Pages

WordPress websites have default URL slugs for signing into the backend: wp-login and wp-admin. Hackers know this, so they use brute force attacks to access your website. 

About 16% of site-hacking activities are through brute force attacks. These attacks are trial-and-error methods of guessing passwords and usernames of a website. 

Hackers use automated scripts that try to guess your login credentials repeatedly until they eventually get them right.

Once hackers succeed with such an attack, it can mean danger for both the site owner and the users. Check out some of the effects of a brute force attack:

An easy way to thwart such activities is to change your WordPress login URL. When hackers can’t find your login pages, it makes it much harder for them to try and force their way into your site. 

Look at three powerful and easy ways to create a custom WordPress login URL, making it harder for hackers to gain access. 

3 methods to change WordPress login URL

Find out how each method works below. 

1. Use a Plugin

If you are not tech-savvy or want to save time to customize your WordPress login URL, your best option is to use a plugin. 

You can use SeedProd to create a new custom login page in a flash. This tool can greatly help your marketing campaigns with its numerous templates for powerful landing pages. 

Here’s how you can use SeedProd to set up a plugin:

Step 1: Install and Activate SeedProd

Go to your WordPress dashboard. Navigate to Plugins > Add New

WordPress dashboard

Search for SeedProd and click Install Now.

Plugin options

Hit Activate to launch the plugin. Make sure to get the SeedProd premium version with the Login URL template

Activate the subscription by entering your product license key on SeedProd > Settings.

SeedProd license key page

Note: You can get your product license key in your account information when you sign up on SeedProd’s site. 

Step 2: Choose a Login Page Template

Once your plugin is activated, go to SeedProd > Landing Pages. Find the  Set up a Login Page template button.

SeedProd’s template categories

This will take you to a page with multiple templates for login pages. Select one from the pre-made templates. You can also start from scratch and build one using the Blank template option. 

Once you select a template, a pop-up box will appear, asking you for your page name and the custom login URL you want. 

This is where you create a unique login URL different from the standard wp-admin slug. 

Pop-up with your page name and URL

Step 3: Design your Login Page

You can start customizing your login page to look as minimalist or colorful as you like. Exercise your branding to the maximum and add your brand colors, logo, and more. 

Sample log-in page

✅ Pro Tip

If you want to set up your custom login URL for FREE, use WPS Hide Login. You can customize your WordPress Login URL at no cost in just a few steps. 

2. Update WordPress Login URL Through wp-login 

If you’re comfortable making coding changes and don’t want to use a plugin, this method is for you!

🛠️ What You Need

These are things that you must have before making changes to your login file: 

  • Access to your website’s file manager: Your hosting platform should give you access easily. You might also need to use an FTP client for this. 
  • Text editor: You will need this to edit the code.  You could use Atom, Sublime Code, Notepad++, and others. 

Start by making a backup of your WordPress site. It is crucial to have a copy of your website that you can re-upload anytime if something goes wrong.

Alternatively, make sure that your hosting provider maintains backups of your site. 

Head to your File Manager. Note that the screenshots below are from Bluehost’s system. 

Bluehost’s File Manager

Next, look for the public_html file and find wp-login.php. Download it to your computer. 

Locating wp-login.php file

Open this file in your text editor platform. Search for every mention of ‘wp-login’ in the file. 

Configuring wp-login in a text editor tool

Replace it with something different across all instances in the file. Make sure it’s relevant and memorable. For example, you can change it to something like member_login.php

Once you’re done, save and close the file. Rename the file itself. It should go from ‘wp-login’ to ‘member_login’ or whatever you choose. 

Go back to your file manager and upload this new file. 

The final and most important step is to register this new login file URL. To do this, use the filer hook ‘login_url’. 

Add the following code to your theme functions file: 


 * Change WP Login file URL using "login_url" filter hook

 * https://developer.wordpress.org/reference/hooks/login_url/


add_filter( 'login_url', 'custom_login_url', PHP_INT_MAX );

function custom_login_url( $login_url ) {

$login_url = site_url( 'member_login.php', 'login' );

    return $login_url;


Save this file and test your new login URL. Type your website address in a browser address bar and add member_login or the URL slug you opted for. 

Lastly, delete the original wp-login.pho file from the File Manager. 

3. Edit the WP Login URL Using .htaccess

The .htaccess file is an important configuration file that affects many critical aspects of your site. 

This method works similarly to the second one, but this is more straightforward. Follow the steps below to learn how: 

⚠️ Warning

Be very careful when editing the .htaccess file. It is a vital configuration file. Any error when updating the file can change how your site behaves. 

  1. Go to File Manager and find the .htaccess file. 

File Manager page

  1. Download the file. Keep a backup in case anything goes wrong. 
  2. Using your text editor, add the following code: 

RewriteRule ^login$ http://website.com/wp-login.php [NC,L]

  1. Insert the URL slug you want in the part where it says ^login$

For example, insert ^member_login$. This will change the login URL for your WordPress site. 


Changing your WordPress login URL is a proactive step toward safeguarding your website from malicious attacks

Whether you use a plugin or make manual changes, this security measure can boost your site's protection.

By keeping hackers guessing and reducing the chances of brute force attacks, you're strengthening your site along with your own digital presence. 

FAQs on Changing WordPress Login URL.

What is the default WordPress  Login URL and how can you find it? 

The default login URL is "http://www.yourdomain.com/wp-login.php" or "http://www.yourdomain.com/wp-admin." You can access your login page by adding the slug ‘wp-admin’ or ‘wp-login’ to the end of your primary domain name. 

Why should you change the WordPress Login URL?

Hackers may attempt to initiate brute force attacks on your website. Creating a unique login URL reduces the risk of being targeted and increases your site security. 

What are the most common issues when changing the default WP Login URL? 

Some plugins may direct to the default login URL. This could lead to you getting locked out of your site. You might also forget your new login URL. Aside from that, a new login URL can confuse users who are used to the default URL.

Is limiting login attempts a better method than changing the WP Login URL?

Limiting login attempts means blocking a user from trying to log in after several attempts. However, this method isn’t better than changing login URLs since people forget their passwords. You don’t want to block real users. 


Facebook LinkedIn Twitter
Leave your comment

Your email address will not be published.