Many of us who build websites for a living, are understandably concerned about the ever-growing security risks we face in the 21st Century.
With the continued rate of technological advancements in the digital space, it has become even more important to stay ahead of those (hackers) who might want to steal important information from your website. As such, inevitably, some people ask whether it is possible to hide their WP login URL.
The short answer is “yes”, it is possible to hide (change) your WordPress login URL from the default URL to a custom URL of your choosing.
What is the Default WordPress Login page URL?
All WordPress installations create a standard login URL for installations of /wp-login.php following your domain. Alternatively, you can simply use /wp-admin after your domain as well, which will redirect to the /wp-login.php page. Once logged in, the URL will change to /wp-admin/.
Why Change Your Default WordPress Login page URL?
As of the end of 2023, it is estimated that there are over 800 million websites built on the WordPress platform. That is roughly 30% of all websites worldwide! As such, this makes WordPress websites a very popular target for hackers. Specifically, hackers regularly attempt to repeatedly guess the login credentials (brute-force attack) of WordPress websites around the world.
One of the ways to thwart attempts to guess your WP login username and password is to change the URL of the WP login page itself.
So, instead of using the default WordPress URL for you log in page (https://yourdomain.com/wp-login.php), you can change the log in URL to pretty much whatever you would like, for example, https://yourdomain.com/newloginurl
How Do I Change My WP Login Page URL?
The easiest way to change your WordPress login page URL is by installing a plugin, such as WPS Hide Login.
Once you install WPS Hide Login, activate it.
Now, look for WPS Hide Login on your Plugins page and then click on the “Settings” link.
Scroll down to the bottom of the page and find “Login url”. Now, type in a custom login url, such as “newloginurl” and make sure you copy and paste that URL in a safe place that you can refer back to, if you need to.
Please note that you can leave the default value of “404” for the Redirection URL, or you can change it to something else if you prefer.
Don’t forget to click the “Save Changes” button.
Going forward, you will no longer be able to log in to your WordPress website using the default WordPress login page URL (i.e. https://yourdomain.com/wp-admin.php)
Instead, you must now use your custom login page URL that you just created, in order to log in to your website.
Should You Hide Your WP Login Page URL?
That is really up to you. Certainly, doing so, can be an extra layer of security against hacking. At the same time, if you manage multiple websites, it may make it more difficult to remember your custom login page URLs for each website.
There are other things you can do to mitigate the risk of hacking your WordPress website.