Last updated December 6th, 2023 06:06
Administration is considered a key element of the entire WordPress content management system. As such, it becomes a target for many attacks and attackers. These can be simple, such as brute force attacks, or more sophisticated, where various security vulnerabilities are exploited. The primary goal of any WordPress website owner should be to protect their administration area. That mean, no unauthorized person can gain access to it. This can be achieved in many ways, one of which is changing the primary URL of the WordPress administration area. This can at least confuse the robot performing the attack, making them target someone else. Here is a guide on how to change the WordPress admin URL address.
What is the WordPress administration URL?
After installing a clean version of WordPress, the administration area becomes available at https://yourdomain.extension/wp-admin or https://yourdomain.extension/wp-login.php. Many attackers are aware of this fact and try to attack your website directly through these addresses. For this reason, it is highly recommended to change the URL and make their task more difficult. To emphasize this, it is recommended that you always make a backup of your files before making any changes to the administration URL. It may be crucial for you in case anything goes wrong.
How to change the WordPress admin URL address – Methods
There are several ways to do this. From simpler methods that practically anyone can do, to more difficult ones that require a certain knowledge of the system and how WordPress works.
- Using a plugin: There are many plugins that allow you to easily change the WordPress admin URL. Some of the most popular ones include WPS Hide Login, which allows you to change the login URL, and iThemes Security, which also allows you to do the same.
- Editing the .htaccess file and functions.php file: Another way to change the WordPress admin URL is by editing the .htaccess file and the theme’s functions.php file. However, this may be more difficult for users who are not familiar with coding in PHP and managing data on FTP. If you want to use this method, you can insert code into the .htaccess file that will redirect to the new URL address.
How to change the WordPress admin URL address using a Plugin
There are many plugins available that allow you to change the admin URL in WordPress. This is a relatively simple method, especially for users who are just starting out with the system. Most of the plugins are also available in the official WordPress repository and can be installed and activated through the left-hand menu designated for plugins. Here is a list of the most commonly used plugins:
- WPS Hide Login
- Change wp-admin login
- iThemes Security
- All In One WP Security & Firewall
- Rename wp-login.php
How to Change the WordPress admin URL – Using the .htaccess File and functions.php File
This method is a bit more technically challenging. But on the other hand, it will save you speed and space on WordPress, as you won’t have to unnecessarily use another plugin that you wouldn’t otherwise need for anything else. In total, you will need to modify three files on FTP. Specifically, these:
- .htaccess
- functions.php file (template appearance file)
- configuration file – wp-config.php
1.) First, we’ll modify the .htaccess file.
The .htaccess file is located in the root directory of the web server or in a specific directory where its rules should apply. If the .htaccess file is located in a directory other than the root directory, its rules will only be applied to files in that directory and its subdirectories.
So in the first step, log in to the FTP of your website and locate a file named .htaccess. Here, add two lines of code to its contents:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# přidat tyto dva řádky:
RewriteRule ^mojeadministrace/(.*) wp-admin/$1?%{QUERY_STRING} [L]
RewriteRule ^connect$ wp-login.php
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
In this code, replace the word “mojeadministrace” with any other word that you want to name your WordPress administration.
2.) Modifying the wp-config.php File
Now, navigate to the wp-config.php file on your FTP. Insert the following two lines into the file, but don’t forget to modify the name you want to use for the administration as well. We still use “mojeadministrace“.
define( 'WP_ADMIN_DIR','mojeadministrace');
define('ADMIN_COOKIE_PATH','/');
The wp-config.php file is located in the root directory of the WordPress installation and is necessary for the proper operation and running of the entire system. It can be edited to modify certain settings.
For example, it can be edited to change the name of the database, username, or password for database access, set the language or enable/disable certain WordPress functions. HTML tags remain unchanged.
3.) Editing the function.php file
The last file you will need to edit is the function.php file, which is located in the folder of your theme. This is usually the wp-content/themes/your_theme_name/function.php file. Insert the following code at the end of the PHP script and save the file:
if (strpos($_SERVER['REQUEST_URI'], 'wp-admin') !== false || strpos($_SERVER['REQUEST_URI'], 'wp-login') !== false || strpos($_SERVER['REQUEST_URI'], 'admin') !== false || strpos($_SERVER['REQUEST_URI'], 'login') !== false) {
header("HTTP/1.1 301 Moved Permanently");
header('Location: /'); die(); // přesměrujeme na web
# wp_safe_redirect( '404.php' ); // nebo zobrazíme chybovou stránku 404
}
add_filter('site_url', 'wpadmin_filter', 10, 3);
function wpadmin_filter( $url, $path, $orig_scheme ) {
$old = array( "/(wp-admin)/");
$admin_dir = WP_ADMIN_DIR;
$new = array($admin_dir);
return preg_replace( $old, $new, $url, 1);
}
add_action('login_form','redirect_wp_admin');
function redirect_wp_admin(){
$redirect_to = $_SERVER['REQUEST_URI'];
if(count($_REQUEST)> 0 && array_key_exists('redirect_to', $_REQUEST)) {
$redirect_to = $_REQUEST['redirect_to'];
}
}
add_filter('site_url', 'wplogin_filter', 10, 3);
function wplogin_filter( $url, $path, $orig_scheme ) {
$old = array( "/(wp-login\.php)/");
$new = array( "connect");
return preg_replace( $old, $new, $url, 1);
}
Once you have saved the change in the third and final file, the administration of your website will only be accessible through the new address. In this case, it will be the URL https://yourdomainname.tld/mojeadministrace/. If someone tries to enter the original administration URL, they will be redirected back to the website’s homepage and will not be able to access the administration.
Conclusion
Whether you choose to use a plugin or try to learn how to work with the files in the content management system and code, you will be able to change the address that a potential attacker may not know. This will reduce the chance of password attacks on your system and make your WordPress site a little more secure.
The website is created with care for the included information. I strive to provide high-quality and useful content that helps or inspires others. If you are satisfied with my work and would like to support me, you can do so through simple options.
Subscribe to the Newsletter
Stay informed! Join our newsletter subscription and be the first to receive the latest information directly to your email inbox. Follow updates, exclusive events, and inspiring content, all delivered straight to your email.
