If you are a WordPress user, you will know that the default login URL is at “/wp-login.php”. This default login URL is very convenient, but there are times when you’d be better changing it. There are a few good reasons to change the default login URL and there are some easy ways to do it. Read more about this in this article.
Why Would I Change the Default Login URL
The main reason to want to change the default login URL for your WordPress site is security. First, it tells hackers you are using WordPress (not that they can’t find this in other ways, but you are making it too easy for them). When hackers know your site is “Powered by WordPress” and know common WP vulnerabilities, you become an easy target.
Second, the default administrator’s username is “admin.” Not many WordPress sitemasters bother to change it. And hackers know this. The only thing left is to figure out your password. This isn’t easy, especially if you have done your homework and have chosen a harder-to-guess password, but just think of the load on your server while hackers are trying to brute-force-guess your password. Of course, if you change your default login, there is still no guarantee hackers won’t touch your site. But you are making their task much harder, and chances are they will simply move on to easier victims.
How to Change the Default Login URL
Before you begin with the actual steps of changing the default login URL, you really need to make a backup. I can’t stress how important a backup is! The default login change is usually painless, but if there are compatibility issues and other problems, without a backup you are simply lost. So, back up your site before you go on.
Now, when you have a backup, you can download and install the Custom Login URL plugin. When you are done, go to “Settings -> Permalinks” and scroll down the screen till you see the following image.
These are the default URLs, and you can change them as you please. For instance, you can change “/wp-login.php” to “/user/login/,” “/wp-login.php?action=register” to “/user/register/,” “/wp-login.php?action=lostpassword” to “/user/remind/,” and “/wp-login.php?action=logout” to “/user/logout/.”
Of course, these are just suggestions – you can change the URLs to anything you like. It’s even better to change them to something less logical – e.g. “/go,” “/enter,” or even something absurd (“/cucumber” or “/hahaha” come to my mind) because this makes it nearly impossible for hackers to guess. You can even change them to non-English URLs – this will make it even more difficult for hackers to guess.
When done, click Save Changes and test your new URLs.
Before you log out of the dashboard, do not forget to write down the changed URLs because if you forget them, even Google won’t be able to help you!
This is probably the easiest way to change the default login URL. It doesn’t involve any coding or messing with the installation files. There are other plugins you can use, too, such as Move Login or WPS Hide Login, so if for some reason you don’t like Custom Login URL, you are not stuck with it.