How to Rename/Change WordPress Login URL ?

WordPress is one of the most popular content management systems (CMS) in the world, powering millions of websites. As a website owner, it’s crucial to prioritize the security of your WordPress site. One effective way to enhance security is by renaming or changing the default WordPress login URL. In this article, we will guide you through the process of renaming your WordPress login URL, helping you protect your website from potential threats.

Why Rename WordPress Login URL?

The default WordPress login URL is commonly known and can be accessed by appending “/wp-admin” or “/wp-login.php” to the domain name of a WordPress site. This makes it easier for hackers or malicious bots to target your site’s login page. By renaming the login URL, you add an extra layer of protection, making it more challenging for unauthorized individuals to gain access to your site’s admin area.

Understanding the Default WordPress Login URL

By default, the WordPress login URL is structured as either “” or ““. These URLs are easily recognizable, which can make your site vulnerable to brute-force attacks or login attempts by automated bots. Hackers often target these default URLs to exploit potential security vulnerabilities.

Risks Associated with the Default Login URL

Using the default WordPress login URL exposes your website to several risks. Brute-force attacks, where hackers attempt to guess your username and password combinations repeatedly, are a common threat. These attacks can lead to unauthorized access to your site, data breaches, or even the installation of malicious software. Renaming the login URL helps mitigate these risks by making it more challenging for attackers to locate your site’s login page.

Benefits of Renaming WordPress Login URL

Renaming your WordPress login URL provides multiple benefits in terms of security. Firstly, it adds an additional layer of protection by obscuring the default login URL, making it harder for attackers to target your site. Secondly, it reduces the risk of brute-force attacks as hackers would need to guess both the username and the custom login URL. Lastly, it enhances your website’s overall security posture, making it less likely to be compromised.

Steps to Rename Login Url

Before starting the step you will have to follow below points.

Backup your website

Before making any changes, it’s always a good idea to create a backup of your WordPress website. This ensures that you have a copy of your site in case anything goes wrong during the process

Install a security plugin

To change the login URL, you’ll need a security plugin that offers this feature. One popular plugin is “WPS Hide Login.” You can install it by going to your WordPress admin dashboard, navigating to “Plugins” > “Add New,” searching for “WPS Hide Login,” and clicking on “Install Now” and then “Activate.

Step 1

  • Make a copy of wp-login.php file from wordpress root directory and create a new file with your preferred choice name.
  • Copy all code from wp-login.php file and paste into your newly created file.
  • Find wp-login.php file and replace to your filename and save it.
  • Delete or rename wp-login.php file from root directory.

Step 2

  • Navigate to plugins from admin menu.
  • Click on Add new click on upload plugin or navigate to search bar and search WPS Hide Login / Change wp-admin login install and activate it.
  • You can activate any security plugin which has option to rename url.
  • Ex : – All in one Security , Wp better etc .

Addition Security Tips

While renaming your WordPress login URL is a significant step towards enhancing security, it’s essential to implement additional security measures to safeguard your website effectively. Consider implementing the following measures:

  • Strong Passwords: Use complex and unique passwords for all user accounts, including administrators.
  • Two-Factor Authentication (2FA): Enable 2FA to add an extra layer of verification during the login process.
  • Limit Login Attempts: Install a plugin to limit the number of login attempts allowed, preventing brute-force attacks.
  • Regular Updates and Backups: Keep your WordPress installation, themes, and plugins up to date, and regularly backup your website to minimize potential risks.


Step 1 will cause some difficulty with your website, your logout url with not work. Once your update wordpress previous file will be deleted and default login url will work. As per wordpress coding standard we cannot change or modify code from core file it leads to unexpected errors.


Renaming your WordPress login URL is a simple yet effective way to bolster the security of your website. By following the steps outlined in this article, you can reduce the risk of unauthorized access and protect your valuable content and user data. Remember to implement additional security measures and stay vigilant against evolving threats to ensure the ongoing security of your WordPress site.


Can I change the login URL manually without using a plugin?

While it is technically possible to change the login URL manually by modifying WordPress core files, it is not recommended. Manual changes can lead to compatibility issues or conflicts with future WordPress updates. Using a reliable security plugin is the recommended approach.

Click here to watch the video.

Will changing the login URL break existing plugins or themes?

Renaming the login URL should not affect well-coded plugins or themes. However, it is always a good practice to test your website thoroughly after making any significant changes and ensure that all functionalities are working as expected.

Is renaming the login URL enough to secure my WordPress site?

Renaming the login URL is an essential security measure, but it should be combined with other security best practices. Implementing strong passwords, two-factor authentication, limiting login attempts, and regularly updating your website are equally crucial for comprehensive security.

Can the renamed login URL be easily discovered by hackers?

While renaming the login URL adds an extra layer of protection, it is not entirely foolproof. Skilled hackers may still discover the custom login URL through other means. Therefore, it’s important to implement additional security measures and regularly monitor your website for any suspicious activities.