How To Change Login URL Without Plugin

Why do you need to change your login URL? To protect and hide your admin page from intruders / hackers / bad guys. They can attack your website using Brute Force, as the name implies they will force their entry on your backend page. Once they know your main door (login URL)which is your wp-admin next they need to know is your username and password. If you have not change your username from ‘admin’ there is only 1 thing left for them to guess, your password. They have their password dictionary to try all of them in your website. We can never sure what will happen to your lovely website once they are in.

A fresh install WordPress has the default admin URL www.yoursite.com/wp-admin. Changing the the login URL will surely protect your website from bad intentions. It not 100% guaranteed security but it adds 99% difficulty to the attackers. This can be achieve using a plugin or without a plugin. But when it comes to security I do not trust all of them to plugins, for me I would like to add another layer of human made security, not automated. Something the human has, the unpredictability.

Here I will show you in 5 steps how to change the login URL without using plugins. You don’t need to be a programmer to change the login URL. First, you just need to know your way in the cpanel or using the FTP either of the two. Second, creating file, copy, paste, and replace.

Before doing all this I recommend to backup your website first, we never know what you will break. You can also test in your production server. Do this in your cpanel, though this can also be done using FTP and write/edit code from your local machine.

5 Steps To Change Login URL Without Plugin

  1. Create a php file. Give it a filename example “my-new-wp-login.php”.
  2. Copy all the code in wp-login.php from your server.
  3. Paste it in my-new-wp-login.php file.
  4. In my-new-wp-login.php find and replace the exact words “wp-login.php” and replace it with “my-new-wp-login.php”.
  5. Delete the old wp-login.php

If you check you will see /wp-admin and /wp-login.php will take you to 404 page not found page and /my-new-wp-login.php will take you to your Login page.

Next is you need to update the logout button in the backend page. In the file: wp-includes/general-template.php

change the code at line number 361 that has the default login page. The function look like this

355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
function wp_logout_url( $redirect = '' ) {
    $args = array( 'action' => 'logout' );
    if ( ! empty( $redirect ) ) {
        $args['redirect_to'] = urlencode( $redirect );
    }
    $logout_url = add_query_arg( $args, site_url( 'wp-login.php', 'login' ) );
    $logout_url = wp_nonce_url( $logout_url, 'log-out' );
    /**
     * Filters the logout URL.
     *
     * @since 2.8.0
     *
     * @param string $logout_url The HTML-encoded logout URL.
     * @param string $redirect   Path to redirect to on logout.
     */
    return apply_filters( 'logout_url', $logout_url, $redirect );
}

change the ‘wp-login.php‘ to ‘my-new-wp-login.php’.

$logout_url = add_query_arg( $args, site_url( 'wp-login.php', 'login' ) );

So the end result would look like this

355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
function wp_logout_url( $redirect = '' ) {
    $args = array( 'action' => 'logout' );
    if ( ! empty( $redirect ) ) {
        $args['redirect_to'] = urlencode( $redirect );
    }
    $logout_url = add_query_arg( $args, site_url( 'my-new-wp-login.php', 'login' ) );
    $logout_url = wp_nonce_url( $logout_url, 'log-out' );
    /**
     * Filters the logout URL.
     *
     * @since 2.8.0
     *
     * @param string $logout_url The HTML-encoded logout URL.
     * @param string $redirect   Path to redirect to on logout.
     */
    return apply_filters( 'logout_url', $logout_url, $redirect );
}

Note: When you update the WordPress to a new version it will re-create the “wp-login.php” file and override the changes in the ‘general-template.php’ logout link.