Protect WordPress login (wp-admin): rename wp-login

The text on this page was translated by translation software. A revised version from our editors will be available soon.

Leave your reply

Learn how you can significantly improve the security of your WordPress Web site in minutes by changing the login URL to the administration area of your WordPress Web site.

The administration area of a WordPress website (WordPress Admin) can be accessed conveniently by default via .

Attackers also know this and use this path as an attack point for hacking attacks via brute force. If you want to protect yourself from these attacks, you can rename or hide this default path to your login URL.

With the right WordPress plugin this can be done in just a few minutes.

Plugin recommendation: Rename wp.login.php

This free plugin is a bit older, but also works fine with current WordPress installations - we tested it with WordPress 4.8.2.

  • In your WordPress Admin, click Plugins > Install
  • Search for Rename wp-login.php
  • In the plugin tile, click Install Now and then click Activate after installation.
install wp.login.php

You can now adjust the login URL in the Settings > Permalinks area:

  • Scroll to the section Rename wp-login.php
  • Assign a new, secure name for the login URL, e.g.: c2xlp-3
customize wp.login.php login URL

Security tip: Do not use names for the login URL like login, logon, admin or backend. These are also known to hackers and offer little protection.

  • Click Apply Changes.

In the future you can reach your WordPress-Admin under the new URL. In this example:

wp.login.php new login URL

Save changes to .htaccess file (if required)

In certain cases, if your .htaccess file is not writable, you may need to manually insert these mod_rewrite rules into your .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Alternative Plugins

You can also use plugins like Protect your Admin to protect the login URL of your WordPress admin.

This article was published on 24 Oct 2018 by sebastian.zientek as part of the topic WordPress .