Once you install WordPress, it automatically sets up a login page for your website. This page allows you to access your dashboard as an administrator. Therefore, it is crucial to know your WordPress login URL if you want to make any changes to your website.
WordPress CMS (Content Management System) uses a standard login URL for most websites (unless your web host changes it), so this is usually pretty straightforward. But it is possible to change the WordPress login link and hide it so that other people can't access the admin dashboard. If you lose it, things can get a little tricky.
In this guide, we will discuss how to find, change, and hide the WordPress login URL.
Why the WordPress Login Page is Important
Without accessing the dashboard, you will not be able to make any changes to your WordPress website. To access the dashboard, you need to complete the WordPress login process by entering your username or email address and password.
By default, WordPress does not hide the login page. Any user can find it if they know how WordPress constructs the login URL. However, unless the visitor has a set of credentials, they cannot bypass the login page.
When you launch a new WordPress website, the CMS automatically sets up an administrator account for you. The “Administrator” user role is the only one that has full access to every tool and setting within the dashboard. This means that if someone else gains access to your administrator account credentials, they’ll also gain full access to your website.
With WordPress, you can set up several types of accounts for other users. As long as these accounts have secure credentials, unauthorized access won’t be a big problem. However, one thing you can do to protect your login page and website from being attacked is to hide the WordPress admin URL.
How to Find Your WordPress Login URL
Finding the WordPress login URL should be a relatively simple process. By default, the CMS is installed using the standard admin link structure.
But some web hosts automatically change the WordPress login URL for added security. Let’s explore how to find the URL in both cases.
What is the default WordPress login URL?
Unless you modify the code, WordPress installs using the standard login URL. The link should look like this:
yourwebsite.com/wp-login.php
After appending the /wp-login.php suffix to your domain name, you will be taken directly to the WordPress login page. The same basic structure applies if you use a subdomain or subdirectory:
shop.yourwebsite.com/wp-login.php
yourwebsite.com/shop/wp-login.php
But that’s not the only way to get to the login page. If you try to jump directly to the dashboard and you’re not logged in, WordPress will reroute you to the login page.
By default, you can find the WordPress admin login at:
yourwebsite.com/wp-admin
If none of these URLs work, you may be dealing with a web host that uses custom WordPress login and administrator addresses. Some web hosts use this setup to make it more difficult for attackers to access your site.
How to Find Your Custom WordPress Login URL
As you may already know, some web hosts can automatically set up WordPress for you. These WordPress hosting providers may also automatically change the default login URL structure. If this happens, they may include a link to the login page in the email or hosting control panel.
Depending on your web host, you may also be able to bypass the WordPress login process entirely. Some hosting control panels include a one-click link to the WordPress admin dashboard.
If your web host doesn't offer that option, you may need to find the login URL manually. The easiest way to do this is to connect to your site via File Transfer Protocol (FTP). You can then open the WordPress core file that specifies the login link.
You will need a set of FTP credentials and a client (such as FileZilla) to connect to the server. If you are unsure of your FTP credentials, you should be able to find them through your web host.
Once you are connected to your server via FTP, navigate to your WordPress root folder. It should have a name such as public , public_html , www , or your website name.
Inside, you will find a file called wp-login.php .
Open the file with a text editor, being careful not to edit any of the code. Use the text editor's search tool to find the string site_url . This will lead you to a line of code that specifies your site's custom login URL.
In the example above, the custom login address is login-page.php . If you take that address and add it to your domain, you will get a URL that looks like this:
yourwebsite.com/login-page.php
You can manually change your site’s login URL using the wp-login.php file. We’ll show you how to do this later. For now, remember to bookmark the WordPress login page in case you forget its URL.
How to Access the WordPress Login Page from the Front-End
If you want to simplify access to your login page for you and other users, you can link to it from any other page on your site.
If you use the block editor, you can add the Login/Logout block to any page you want.
The Login/Logout block adds a simple link that you can use to log in or out of your site. One downside to this approach is that you might make your site more vulnerable to attackers who want to brute force their way past the login page.
As long as you practice good security measures, such as enforcing strong passwords and two-factor authentication (2FA), then there’s nothing wrong with linking to a login page. However, the decision is yours.
How to Change the Default WordPress Login URL
In this tutorial, we will show you how to change the WordPress admin login URL using two methods: manually and using a plugin. We will start with the plugin method, which is the recommended option in most cases.
1. Change the default WordPress login URL using a plugin
The easiest way to change the WordPress login URL is to use a plugin. There are several tools that can do the job, but in this tutorial we’ll be using WPS Hide Login.
This plugin helps you hide the WordPress login and / wp-admin URLs. It does this by changing the WordPress login URL. It also reroutes any attempts to access the login and admin pages through their default addresses.
To change the login URL, activate the plugin and go to Settings → WPS Hide Login. You can also find the plugin settings at the bottom of the Settings → General configuration page.
In this section, you will find a field for entering your new WordPress login URL. You can also configure which page should load when other users try to access the default admin or login address.
Click Save Changes and you’re all set. If you try to visit the default WordPress login address, it will redirect you to the page you just set. To log in again, you’ll need to use the new URL, so make sure to save it.
2. Manually change the default WordPress login URL
We recommend using a plugin to change the WordPress login URL because it is easy and secure. When you edit the WordPress login page manually, you might break the core functionality of your website because you are dealing with several important files.
Another downside to manually changing the login URL is that the process can be reverted when you update WordPress. The only way to avoid this is to create a completely new login page and use a child theme.
If you decide to do it manually, changing the login URL involves editing a copy of the wp-login.php file.
Connect to your website via FTP and navigate to your WordPress root directory to locate the file. Locate the wp-login.php file and download a copy of it to your computer.
First, open your local copy of wp-login.php using a text editor . It’s best to use a text editor that includes a “search and replace” tool. This feature will change all existing instances of the WordPress login URL within the file (and there are a lot!).
Use the search tool to find every instance of the wp-login.php string and change it to the name you want to use for your new login page.
For example, you could replace the string with "access.php":
This process is designed to preserve the structure and functionality of the WordPress login page while changing its URL. After replacing each instance of wp-login.php , save your edits to the file and close it.
Now, rename the file according to the new URL of your choice. In our case, the file will be called access.php .
Go ahead and upload that file to your WordPress root directory. Both wp-login.php and your new login page file should be there now.
Next, head to wp-content/themes and find the folder for the child theme you’re using. It’s important to reiterate that you need to use a child theme unless you want your customizations to disappear when you update your theme .
Open your child theme folder and find the functions.php file inside it. Go ahead and open it.
Add the following WordPress “hook” in it, before the // END ENQUEUE PARENT ACTION line:
01.add_filter( ‘login_url’, ‘custom_login_url’, PHP_INT_MAX );02.function custom_login_url( $login_url ) {03.$login_url = site_url( ‘access.php’, ‘login’ );04. return $login_url;05.}
Replace the access.php string with the name of your new WordPress login file. This code tells WordPress to use a specific file as its login page, as long as it contains the standard login form.
Save your changes to *functions.php and try to visit the custom login URL you just set. It should be exactly the same as your original wp-login.php file. Also, if you are using *a Login/Logout block in the block editor , it will now point to that new page.
At this point, you can return to your WordPress root directory and delete the original wp-login.php file. If you change themes at some point, remember that you will need to add this hook to the new theme’s functions.php file in order for the custom login page to work properly.
We protect your website. You run your business.
Jetpack Security provides easy-to-use, comprehensive WordPress website security, including real-time backups, web application firewall, malware scanning, and spam protection.
What to do if your custom WordPress login URL isn’t working
If you try to access your custom login URL and are unable to, there could be a number of reasons. Let's look at the most common reasons.
1. What to do if you changed your WordPress login URL using a plugin
If you configured a custom login URL using a plugin, the new address will not stop working unless you disable the plugin.
For example, if you deactivate the plugin, WPS Hide Login will restore your login address to the original URL. In this case, you should be able to access the dashboard using the default login link.
If the plugin is active, you may be dealing with a compatibility issue with WordPress or another plugin. In this case, the best thing to do may be to temporarily disable the plugin so that you can access the WordPress admin dashboard and continue updating your site.
To disable plugins without accessing the admin dashboard, you’ll need to use FTP. Connect to your website via FTP and navigate to wp-content/plugins .
Find the folder corresponding to the plugin that changes the login URL (it should have a similar name) and rename or delete it.
Deleting the plugin folder will uninstall it, while renaming it will temporarily disable it. In either case, disabling the plugin should resolve the compatibility issue. Your WordPress login page will revert to the original URL and you will be able to access the admin dashboard.
2. What to do if you manually changed your WordPress login URL
If you change the address manually, your custom login URL may stop working for a number of reasons. Editing the WordPress login address usually involves the following steps:
- Create a new login page to replace wp-login.php
- Modify your active theme's functions.php file to recognize the new login page
In some cases, updating WordPress may remove the new login page you added to your root directory. Or, if you don’t use a child theme and update your active theme, this will overwrite any changes you made to its functions.php file.
First, try accessing the default WordPress login address. If successful, you will need to manually change the address again. You can do this by following the instructions in the previous section of this troubleshooting guide.
3. What to do if your web host changes your WordPress login URL
If you are using a web host that provides you with a ready-made custom WordPress login URL, it is not likely that it will suddenly stop working. If this does happen, we recommend checking your site’s database or wp-login.php file to see if the custom URL has changed.
In some cases, a custom login URL may stop working due to an issue with your hosting provider. If this happens, your only option is to contact their support team so they can help you resolve the issue.
How to Upgrade and Secure Your WordPress Login Page
Changing your login URL is the first step to protecting your WordPress site. But even with a custom link, your login page is still vulnerable to attackers.
It is not uncommon for attackers to obtain login credentials from leaked information. Other malicious actors may also attempt to brute force login pages.
If you want to reduce the chances of the wrong people gaining access to your WordPress dashboard, you can take the following actions:
- Use a 2FA plugin . Enabling this type of security plugin makes it more difficult for attackers to break in because it requires the user to have a specific physical device in addition to the correct login credentials.
- Whitelist IP addresses. You can use .htaccess file to whitelist IP addresses that have access to the WordPress dashboard. Any IP that is not on the whitelist will not be able to log in.
- Implement CAPTCHA . Using a simple CAPTCHA can effectively protect login pages from bots and brute force attacks.
- Limit the number of potential login attempts. Limiting the number of login attempts someone can make in a given period of time is an excellent way to discourage attackers from trying to guess credentials.
- Enforce strong passwords. Unfortunately, many people reuse passwords or use weak credentials. Enforcing strong passwords may annoy some users, but it can help protect your site from attackers.
Simply changing your WordPress login URL makes it harder for hackers to break into your site. To get to the login page, they need to find it first. As long as the new address isn’t obvious, you should be safe.
It’s in your best interest to protect your login page as much as possible. This rule is especially true if you run a website that stores any kind of sensitive user data.
Jetpack has a lot of great WordPress security tools, including a powerful tool to help protect against brute force attacks. It also includes tools to help you whitelist IP addresses and block spam comments.
Frequently Asked Questions About WordPress Login Page
If you still have any questions about the WordPress login page and its URL, this section will answer them for you.
Why is my WordPress login not working?
If you can access the WordPress login page but cannot get into the dashboard, there may be a problem with your credentials. WordPress allows you to recover a lost password if you have access to the email address associated with your account.
If the login page itself isn't working, and you're using a custom URL, there may be an issue with their implementation. If you're using a plugin or have changed the login URL manually, we have instructions for that, which you can check out above!
What should I change the default WordPress login URL to?
You can change the WordPress login URL to any address you want. If you value ease of use, you may want to change the address to something that is easy for you and other users to remember.
Alternatively, you can choose a unique WordPress login address that no one else can guess. You can easily bookmark the login page and share the link with team members you trust. This approach is smart from a security perspective.
Protect Your WordPress Login Page from Attacks
One of the great things about using WordPress is that you can manage every aspect of your site from your dashboard. However, you'll first need to navigate to the WordPress login page. If you use the default login URL, anyone can find that page and try to break in. Changing your WordPress login URL is an easy way to prevent intrusions.
The best way to change the WordPress login URL is to use a plugin like WPS Hide Login. You can also adjust the login link manually. However, this process requires you to edit WordPress core files, so we don’t recommend it.
Creating a custom WordPress login page is just one option for website security. The Jetpack plugin can also help by backing up your website files, running security checks, and preventing spam.
in conclusion:
From a security perspective, it's a good idea to change your WP-admin login URL so that it's harder for hackers to guess.
This will enhance the security of your WordPress blog to a great extent. At the same time, if you are running a multi-author blog or using it in a way that you and others need to interact with the login and registration pages regularly, use another plugin to change the URLs.
The second option is optional, however, I recommend that you implement the first option (changing your wp-admin URL) right away for increased security.
You can also read the following articles to learn more about WordPress blog security:
Disclosure: Some of the links in this article contain affiliate links, which means we may earn a commission if you click through to visit us, at no extra cost to you. See how SidelinePlay is funded, why it’s important, and how you can support us.
Was this helpful?