Changing your WordPress login URL can be a quick way to drastically decrease the number of bad login attempts to your website. By default your WordPress site’s login URL is domain.com/wp-admin. One of the problems with this is that all of the bots, hackers, and scripts out there also know this. By changing the URL you can make yourself less of a target, better protect yourself against brute force attacks, and decrease the bandwidth used by the bots that hit this URL repeatedly. This is not a fix all solution, it is simply one little trick that can definitely help protect you.
And don’t forget to always use a secure username and password! Don’t use the default “admin” for your username and never use “1234567” for your password. In fact, we enforce using a secure password on all WordPress sites created here at Kinsta.
Change Your WordPress Login URL
Normally we give a couple options such as a plugin method and a code method. However, when it comes to changing your WordPress login URL it is actually a little more complicated; and the code itself actually does belong in its own plugin. Remember, having too many plugins is not as important as ensuring you choose the ones that are lightweight and well developed. To change your WordPress login URL we recommend using the free WPS Hide login plugin.
The plugin has 100,000+ active installs with a 4.8 out of 5-star rating, and is actively kept to date by the developer, Rémy Perona. You can download WPS Hide Login from the WordPress repository or by searching for it within your WordPress dashboard under “Add New” plugins. This plugin is very lightweight and more importantly, it doesn’t change any files in core or add rewrite rules, it simply intercepts requests. It is also compatible with BuddyPress, bbPress, Limit Login Attempts, and User Switching plugins.
The plugin only has one option and is fast to configure. Once activated simply change your WordPress login URL under the “General” section in settings. Remember to pick something unique that won’t already be on a list that a bot or script might attempt to scan.
Important! Once you “Save Changes” your WordPress login URL is now changed. The old login will no longer work, so you will want to update your bookmarks. If you have any issues, you can always revert back to normal by removing the plugin via FTP on your web server.
If you’re a Kinsta client you might also want to exclude this from caching. Simply open up a quick support ticket and let us know your new login URL.
Changing your login URL can also help prevent common errors like “429 Too Many Requests.” This is typically generated by the server when the user has sent too many requests in a given amount of time (rate limiting). This can be caused by bots or scripts hitting your login URL. The end user rarely causes this error.
429 too many requests
For more security tips make sure to take a look at this in-depth guide: WordPress Security – 19+ Steps to Lock Down Your Site