When our readers ask us for tips on making their websites more secure, one of our top recommendations is to change the URL of their WordPress login page.
This simple change makes it more difficult for hackers to gain unauthorized access to your site because they won’t be able to find your login page at the URL they are expecting.
In this article, we’ll guide you through the process of adding a custom login URL to your WordPress site. We will explain each step clearly, so you can follow along even if you are not a tech expert.
Why Add a Custom Login URL in WordPress?
WordPress is the most popular CMS platform and powers over 40% of websites. Because it’s so popular, it’s often a target of hackers who use techniques like brute force attacks to try to log in to your dashboard.
Bots and hackers trying to get into your site know the common login URLs like wp-admin and wp-login and will try to get access to your site using these URLs first.
By changing the WordPress login page URL, you improve your site’s security and make it more difficult for hackers to get access to your WordPress website.
Another reason to add a custom login link in WordPress is to offer a better user experience. You can customize the URL and design of your login page so it matches your branding and existing WordPress theme.
With that said, let’s show you how to add a custom login URL in WordPress in just a few simple steps.
Video Tutorial
If you’d prefer written instructions, just keep reading.
How to Add a Custom Login URL in WordPress Using SeedProd
The simplest way to add a custom login URL in WordPress is by using a WordPress plugin. This lets you simply change your WordPress login URL without editing any core WordPress files.
We recommend using the SeedProd plugin. It’s the best drag-and-drop WordPress page builder used by over 1 million sites. With this plugin, you can easily customize your SeedProd login page and change the URL.
The first thing you need to do is install and activate the plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.
Note: There is a free version of SeedProd, but we’ll be using the premium version for this tutorial since it has the login page templates we need.
Upon activation, you need to go to SeedProd » Settings and enter your product license key.
You can find your product license key under your account information on the SeedProd website.
After that, navigate to SeedProd » Landing Pages and click the ‘Set up a Login Page’ button.
Then, you’ll be taken to a screen that has all of the login page templates.
You can choose one of the pre-made professional templates or select the ‘Blank’ template to build a login page from scratch.
For this tutorial, we’ll choose the ‘Geo Login Page’ template.
Simply hover over the template you want to use and click the check icon.
This brings up a popup where you can name your new login page and enter a custom login page URL.
Next, click the ‘Save and Start Editing the Page’ button.
This will take you to the page editor screen.
You can customize every element of the page with the drag-and-drop builder.
The left side has blocks and sections you can add to the page, and the right side shows a real-time preview of what it looks like.
When you click on any page element, it will bring up a menu to customize it further.
You can customize your login page as much as you want, but we’ll leave the default settings for this tutorial.
For more details on all the customization options, see our ultimate guide on how to create a custom WordPress login page.
Next, you need to click the arrow next to the ‘Save’ box and select ‘Publish’ from the drop-down.
Now, it’s time to change the default login URL to your new login page.
First, click the ‘Page Settings’ menu option at the top of the page.
Then, scroll down the page until you see the ‘Redirect the Default Login Page’ option. Simply click the ‘Enable’ toggle, and you’ll see it turn orange.
This will redirect the default WordPress login page to the new page you just created.
Don’t forget to click the ‘Save’ button again to make sure all of your changes are now live.
Change WordPress Login Page URL With a Free Plugin
We recommend using the SeedProd plugin above because it also lets you easily customize your login page to match the design of your site.
However, some users will want to keep the default WordPress login page and only change the login page URL.
To do this, you can use the free plugin called WPS Hide Login. This plugin lets you simply change the login URL without customizing the page.
Once the plugin is installed and activated, navigate to Settings » WPS Hide Login.
Then, add your new login page URL in the ‘Login url’ box.
You can also add a redirect URL in the ’Redirection url’ box.
This will redirect people to another page on your WordPress blog when they try to access the default wp-login.php page, and they aren’t logged in.
After that, click ‘Save Changes’.
Now, all visitors will automatically be sent to your new login page URL.
Expert Guides on Protecting the WordPress Login Page
Now that you know how to add a custom login URL in WordPress, you may like to see some other guides related to protecting the WordPress login page.
- How to Create a Custom WordPress Login Page (Ultimate Guide)
- Beginner’s Guide: How to Find Your WordPress Login URL
- How and Why You Should Limit Login Attempts in WordPress
- How to Add CAPTCHA in WordPress Login and Registration Form
- How to Add Security Questions to the WordPress Login Screen
- How to Limit Access by IP to Your wp-login.php file in WordPress
- How to Password Protect Your WordPress Admin (wp-admin) Directory
- How To Add Social Login To WordPress (The Easy Way)
- Best WordPress Login Page Plugins (Secure & Customizable)
We hope this article helped you learn how to add a custom login URL in WordPress. You may also want to see our guide on how to add two-factor authentication in WordPress and our expert pick of the best WordPress login page plugins.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Olaf
One of the security steps I perform on almost every website. Besides enabling two-factor authentication when possible, changing the URL is a great basic defense against brute-force attacks. The method using SeedProd looks interesting. Personally, I’ve gotten used to the WPS Hide plugin because I rarely use page builders. This plugin has never let me down, always fully compatible with the site, a great developer behind it, and frequent updates. I’ve been relying on this plugin for several years. It’s excellent, and I’m glad it’s mentioned in the article as one of the options.
Samuel
Wow! Thank you for this article. I love that custom login url help to improve security of the WordPress in that it change the default url to the new one making it difficult for the hackers to gain entry and I also think it help reinforce your branding as well as SeedProd offer the ability to customized the page. Overall this is an easy to follow article. Nice job. Thank you so much
Dennis Muthomi
One thing I found particularly resonating with was the explanation of why changing the login URL is important for security. It’s a simple yet effective way to deter potential hackers, especially when combined with other security measures.
I’ve implemented custom login URLs on several client sites and have found it to be an excellent first line of defense.
Jiří Vaněk
Exactly. It’s a very effective preventive measure against brute force attacks because if the attacker doesn’t know the admin URL, they can’t even initiate a brute force attack. I use a changed URL, and I would also recommend enabling two-factor authentication. If you have a strong password and a unique username, it’s practically impossible to bypass this firewall, so to speak, with brute force or other methods.
Dennis Muthomi
Your point about stopping attacks before they even start clicked with me. It’s super smart – if attackers can’t find your login page in the first place, all those automated bots are basically useless.
The way you explained how proper security layers work together is spot-on. When you’ve got all these different security measures working together, it’s practically impossible for attackers to get through. That’s what makes this approach so effective.
Really appreciate you replying with these insights
Gerard
The plugin you refer to has seen no updates in over 2 years. might wanna update your post.
Ashfaq
there is a problem with these plugins.
if we enter just LOGIN instead of wp-admin or anything else we redirected to the dashboard login page
PseudoGeek
I got tired of getting hundreds of brute-force login attempts per day from around the world. WordFence blocked them, but I got tired of the constant barrage of notifications of blocked attempts. I installed a different plugin than what you’re recommending – WPS Hide Login – on all my sites, and changed the login location from the plugin’s default to something I made up. Now I get ZERO brute-force login attempts because the bad guys can’t find wp-admin any more – it just throws a 404 page not found error. Please tell me why you think this does not improve the security of my sites!
Syams
Dear, how to make like this login?
WPBeginner Support
Take a look at our tutorial on how to password protect your WordPress admin directory
Admin
Rod Salm
This is built into another plugin I love, iThemes Security (formerly known as Better WP Security). It provides this functionality and many more simple to implement security features for your WP install.
Rod Salm
jusTravis
The custom login url is 1 of the main reasons I used iThemes Security, but I switched to WP All-In-One Security because it also offers a honeypot on the login page.
Dan Wheeler
An Many of your posts you recommend plugins that are out of date. Login Lockdown is over a year old. You should keep your recommendations to plugins that have been tested and updated recently. Reader’s following your instructions may get undesired results following your recommendations.
WPBeginner Support
Please see our article, Should you install plugins not tested with your WordPress version. We test all plugins that we recommend, and we regularly update old articles to replace expired plugins with new and better plugins. We also rely on our users to alert us when a plugin we recommended has expired or is no longer available.
Admin
Shantanu Patil
Sir i am getting error in the Theme. I installed ColorMag theme and In the homepage the images of the post is not show my Blog link
WPBeginner Support
Try deactivating all your WordPress plugins, and then check to see if this resolves your problem. If it does, then this means that there is a plugin causing the issue. Activate each plugin one by one and test your website after activating each plugin until you find the culprit. If the plugins are not the issue then you may want to checkout our guide on fixing common image issues in WordPress.
Admin
Lars B
I would like to know more aboth this ….
“…. a custom WordPress login URL will help them improve their website security, it’s not true at all.
Changing the default login URL doesn’t improve your security at all. It’s just a matter of personal preference that’s all.”
Could you please explain this in detail ?
If the site’s login URL is strickly for the owner and administrator – and therefore there’s no public links to the custom login – Wouldn’t a custom URL to the login in this case be an improvement of the security?
WPBeginner Support
Accessing /wp-admin/ directory will redirect users to custom login URL.
Admin
Lars B
I use iThemeSecurity …. and I change the login-URL to something custom line …. if someone is trying to find /wp-admin they will find the “Page Not Found”-page
…. or is there a way around this that I’m not aware of??
Dave
If you try to access wp-admin and it gives you the custom URL, the plugin isn’t doing a very good job of hiding the URL. Plugins like iThemes Security, as Lars mentioned, and Rename WP-Login will throw an error message if you try to access the admin area or default login URL in any way that isn’t the customized one.
It does help the security because the attacker can’t find the form to attack it.