How to Hide WordPress Login Page From Hackers (4 Easy Methods)

Are you looking for a way that helps you secure your wp-admin dashboard?

It is really easy to access the admin login of your WordPress site. Bots and hackers can add /wp-admin/ at the end of the URL of your WordPress site to get in. That’s it! 

Of course, there are many ways to help you safeguard your WordPress site and keep your data safe. It’s better to change the wp-admin URL to something only you know. This will help you hide the WordPress login page to thwart hackers and prevent brute-force attacks.

In this article, we’ll show you 4 different ways to hide WordPress login page.

So, without much ado, let’s get started!

Why Hide Your WordPress Login Page?

By default, all WordPress websites have an identical URL structure for their login page. It looks like this:

Any bot or hacker can quickly access your WordPress website’s login page by adding the /wp-login.php or /wp-admin to the end of your site’s URL. 

But you can restrict these bots and hackers by hiding your WordPress login page by changing the URL structure, as they won’t succeed in guessing your login page. 

How to Hide Your WordPress Login Page 

Let’s look at 4 easy methods to hide your WordPress login page from bots and hackers. 

Method 1. Hide wp-login.php Using a Plugin (LoginPress Hide Login Add-on)

There are several plugins available for hiding the login page URL. Here we’ll show you how to hide your login page using LoginPress’s Hide Login Add-on.

The first thing you’ll need to do is install and activate the LoginPress plugin and upgrade it. For more details, see this step-by-step guide on How to Install And Activate LoginPress (Free) and  How To Install And Activate the LoginPress PRO Version?

Next, you’ll need to follow these steps to hide your login page.

Step 1: Go to LoginPress Hide Login Add-on

Note: Don’t forget to enable Hide Login Add-on. For details, check our guide on How to Hide Login with LoginPress.

First, go to LoginPress on the left of the admin dashboard and click on Settings. 

You can see the Hide Login tab next to the Settings tab.

Note: All the Add-Ons will be added next to the Settings tab.

Step 2: Customizing the Default Login URL 

The default structure of the WordPress login page generally looks like www.website.com/wp-admin/ or www.website.com/wp-login.php/. 

As a general rule, changing this URL is a good practice to ensure that hackers cannot find it. 

First off, go to the Hide Login tab. Navigate to the Rename Login Slug field. Now, rename the login slug on your own or click on the Generate Slug (Randomly).

Once the renamed login slug is generated, your default WordPress login URL becomes unavailable to outsmart hackers. Now you don’t need to care about brute-force attacks.

You’ll need to log in to your WordPress site with the newly generated slug.

If someone tries to go for the default  URL, that user will be automatically redirected to the 404 page. Now your WordPress login page is secured against brute force attacks.

Method 2. Hide WordPress Login Page Without A Plugin

You can also hide your login page without using a plugin. Simply access your WordPress installation files (like FTP, cPanel File Manager, and more).  

Once you access your WordPress installation, do the following:

1. First off, create a backup of your wp-login.php file. 

2. Create a new PHP login file using your text editor. You can name this file anything you such as danger-zone.php, etc.

3. Search and replace ‘wp-login.php’ with your new login file name in the code.

4. Now, upload your new login file to your server. 

5. Last but not least! Paste and update the code given below in your child theme’s functions.php file.

add_filter( 'logout_url', 'custom_logout_url' );

function custom_logout_url( $default )

{

return str_replace( 'wp-login', 'danger-zone', $default );

}

add_filter( 'login_url', 'custom_login_url' );

function custom_login_url( $default )

{

return str_replace( 'wp-login', 'danger-zone', $default );

}<div class="open_grepper_editor" title="Edit & Save To Grepper"

6. Everything is done! Now you can test your new login URL. You’ll be redirected to the 404 page if you try the older version.

Method 3. Hide the WordPress Login page with .htaccess

There is one more way to hide your login page by making your WordPress login details ‘obscure’  in the  .htaccess file. However, obscuring your WordPress login URL doesn’t necessarily mean hiding it from others.

Note: Don’t forget to have a backup of your WordPress site before making changes to your .htaccess file.

WordPress Login Page Obscurity With URL Redirection

To do this, add the line below to your .htaccess file:

RewriteRule ^newloginpage$ http://www.example.com/wp-login.php [NC,L]

Note: You’ll need to replace ‘newloginpage’ with any alias and change the example.com URL to your domain.

In this example, we’ll add an alias called “dancekevindance”.

Now, update the .htaccess file and try to reach your site using the new URL.

The method mentioned above doesn’t hide the default WordPress login URL but creates an alias. It lets the users log into their WordPress dashboard using a web address. Tih web address is easier to remember than https://yourexample.com/wp-login.php.

Method 4. Hide WordPress Login with a Code

You can hide your WordPress login page via code. But we would recommend you do this with a plugin.

If you try a code to change the login URL, hide the wp-admin/wp-login.php pages, or use redirection for the users, it may cause compatibility issues, slow your site, or several other problems for your WordPress site.

Final Thoughts

Now that you know how hiding your WordPress login page helps secure your site against cybercrime. 

We’ve demonstrated 4 different methods that you can be used to hide your WordPress login page. Use any of the following methods to shield your WordPress site.

Now try this out yourself, and let us know which method you prefer in the comment section below. 

Frequently Asked Questions