How to Change The WordPress Admin URL Without Plugin (2024)

WordPress is one of the most convincing Content Management Systems. However, WordPress is often targeted by hackers.

In general, anybody may get the default login page. One can do this Just by adding “wp-admin” or “wp-login.php” in the URL.

Usually, attackers use some techniques to attack your site. One of there most favorite things is a brute force attack. In the process, hackers try to enter into your site predicting the login password of your site.

Therefore, you need to change the login URL for securing your site from hackers.

But before jumping to the code section, if you are non-technical then I recommend you to try WP Adminify Plugin to Customize WordPress Dashboard and also to change the default WordPress Login URL too.

As you can get started, you have to have a code editor. My recommended code editors are:

• Notepad++
• Sublime Text
• Atom

Whatever, I’ll use Sublime in my code editing.

1. Creating a new file.
2. You have to copy the code from your wp-login.php.
3. Paste the code into your new file.
4. You need to restore wp-login.php with the new file name.
5. wp-login.php file has to be deleted.
6. Get logged into your new URL.

Undoubtedly, security is a major concern for every website’s owner. As aforementioned, you may follow plenty of security issues. Changing your wp-admin URL is the most popular among them.

Let’s know why and how it is done.

In fact, WordPress default login URL is /wp-login.php. In turn, you may type in /wp-admin/. Accordingly, it’ll turn you into logging. You can get the default login page getting into wp-admin or wp-login.php.

Now, tell me one thing. To hack your site, what a hacker will do? The hacker needs only your username and password. To hack your site, a hacker needs to know where is your login form.

However, the WordPress default login is all the same on every website. Moreover, you can easily understand either the site is a WordPress website or not. All you need to look, just go through sources that are given.

Then, you can watch things like /wp-content/themes/function.php or /wp-content/plugins/ or something like this. Eventually, if I can recognize your site as a WordPress site, then I can tell your login URL is /wp-login.php.

Again when it’s username, WordPress opens a username for admin by default. As this, your login URL will be taken. And most probably your login username also (admin). After that, it’ll guess your password.

However, intuiting password is never easy. Yet they will be trying to get into your site by HTTP requests. Even brute force attack works on your site to guess what is your password.

|Attention:- A brute-force attack is a process of hacking. Here a hacker tries so many passwords to enter into your id by guessing the right one. Accordingly, the hacker will check all possible options. With passwords and passphrases until the appropriate password comes. In fact, a brute force attack powered by software. Which tries about 10000 passwords within 1 second! Thus, the attacker may know your password.|

The process of the WordPress Login URL without a plugin is such a simple thing to do. My recommendation is, at first you have to keep a backup of wp-login.php. Plus, you have to save it safely.

Secondly, take it onto your website’s files. Moreover, you’ll need to use a text editor. In this case, here I’m utilizing Sublime.

Thirdly, select a unique login UR for you. Such as/newlogin.php. Then dive into your public_html directory. There you’ll get wp-login.php. Get into it with FTP client software/cPanel File Manager.

As this is done, just write down the file’s name for your login URL. Provided this, I wrote the name newlogin.php.

Fourthly, you should go through the newlogin.php. You will get there wp-login.php in the file. In this case, restore that with the file name you made in newlogin.php.

Overall, when it seems everything is okay, hover your mouse over “Replace All”. Then in text editing,12 incidences replaced. As it’s over, you can log in by operating into your new URL. For me it was localhost/wp/newlogin.php. Whether you get any HTTP requests to the /wp-login.php, or /wp-admin directories may take viewers into the 404 error page.

Mistakenly, when the case is not right, you needn’t think much. Because still there is a backup file. After this, all you need to do Just replaced the file in the origin directory. Thus, you’ll get everything as same as it was earlier.

As you know, the article is how you can change the WordPress URL login without using any plugin. Hopefully, you could understand the whole process. But as you face any sort of problem, feel free to comment. I’ll be right back to you to solve every single problem of you.

However, you may not like Plan A, don’t worry. I’ve further suggestions for you. Let’s check the next plan!

Get on the procedure to Update: Earlier I set up a fresh strategy that serves the same business in a better procedure.

What is the major intention of us? Hiding the login page, isn’t it? Hence, by not changing your login page like wp-login.php, you can yet befool decliners. A client tells me, this is acceptable. Listening to him I got curious about this. Accordingly I started to search about it. And could develop many threads on several discussions. At last, I could answer the client.

Provided, many people attempt to enter the login page only with going wp-login.php. Accordingly, they may find the Forbidden page. Yet in your issue, you may log in from wp-login.php to your website. Follow the steps given below. To undertake this procedure, you need to go through 2 steps.

Key takeaway 1: Copy & paste the following code in the .htaccess file.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_COOKIE} !^.*wp\-connex=2917998723.*$ [NC]
RewriteRule wp-login.php - [F]
</IfModule>

However you might doubt either it is safe or not. Still I recognize that the process is totally safe. Moreover, I, myself is also maintaining this on my client sites as well.

Now, let’s interpret the code. Forth the 4th cord, you need to select the login page name. Here it is put to wp-connex. Importantly, you’ve the option to rename it.
Presently, what this code can do? It may be a little tricky to explain. I’m going to explain though. Here you’ll find on the 4th line HTTP_COOKIE to cache a cookie is set. There will be a real login page.

Simply, while someone gets into wp-login.php or wp-admin, he’ll find a Forbidden error. It is because the cookie is set to access this file. Therefore, he has to log into that portion before the main login page. Besides, the cookies are set to wp-connex.php.

Key takeaway 2: Open a fresh login page for cookie.

As you have finished the first step .htaccess, you are on step two. Here at first, you need to open a file where a cookie was set. The file was named as wp-connex.php by us. Yet you can rename it as you want. Still while changing the name, you have to change the code as well.

To open a file: Open a new window page in the notepad. Then you’ve to write down or paste this code. Finally, save it as wp-connex.php

<?php
setcookie("wp-connex", 2917998723);
header("Location: wp-login.php");

It’s all about this!

Plus, we require the two files. As you know, the . htaccess is on a server. Therefore, you have to edit only rather than creating a fresh .htaccess file. After that, go and login to your server (With FTP software or Cpanel)

This is one FTP Software. Where you can go for the support!

https://filezilla-project.org

Thus, you will be able to update these files in the original directory. You can go to yourdomain/wp-connex.php to get into wp-login.php.

Although the article is about how you can manually change wp-admin URL without plugin, you should also know how you can use a plugin to do this. If the process of plan A & B seems tough to you. Let’s undergo Plan C now!

The question may arise why I should go for a plugin for securing my login page?

Obviously, I’ve got some reasons for using a plugin in order to secure your login URL. If you create a new login path, it won’t let you know future updates. That is to say, this is one of the best practices to secure the core.

Moreover, one may need to go through compatibility issues with plugins. It contains code with wp-login.php. Luckily, you will get a lot of incredible plugins available. You may get some plugins that work best for changing your WordPress login page URL.

https://wordpress.org/plugins/tags/custom-login-url/

Change-wp-admin-login can be a great plugin in this circ*mstance.

https://wordpress.org/plugins/change-wp-admin-login/

Often it becomes tough for you to change the WordPress login page URL manually. The manual process comes with difficulty. That’s why, I think using a plugin is the best way to change the login page.

Let’s know about one recommended plugin to use.

WPS Hide Login

This is one of the best plugins for changing the WordPress login page URL. WPS Hide Login helps you change the login form as quickly as you click on it. Again the plugin can be set for your whole network or even for a single website. This plugin doesn’t use redirects or doesn’t change the core files. Plus, WPS Hide Login is very lightweight.

Download the plugin from the WordPress plugin repository.

As soon as you download this plugin, it will instantly change your WordPress login URL. Now, you can use this address to log into your website.

Note: Somehow, you may need to cancel this process. For this, you have to do a slug test and deactivate WPS Hide Login. Thus, the URL will return to back as it was before.

Wrapping up

Ensuring security for your website is the most important thing. Already you should have realized that, this is the best practice for security; to change the WordPress login URL. Surely, you’ll love the easiest way to get more security layers. Accordingly, I came with different plans to show you.

Hopefully, you could solve all the issues. If there are problems still, please feel free to comment below. I or my team members will be right back to you soon. Best wishes and thanks a lot for reading the article.

Was it helpful enough? If it was sharing it wherever you have networks.