Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
Share on:

How to Change WordPress Admin URL to Prevent Brute Force Attacks?

wp hide login
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

If your WordPress hasn’t been attacked by a brute force till now, consider yourself lucky.

A brute force attack is a really stubborn attempt by an attacker to break into your WordPress dashboard and take over control of it. They try various combinations of usernames and passwords, which can possibly let them in, mostly by guesswork or bots.

Since we all know the URL to log into the WordPress admin panel is “wp-admin” or “wp-login”, it kind of gets easier for hackers to at least know where to attack. There are quite a few ways that can help you avoid becoming a victim of brute force attacks, and one of them is changing the admin URL.

WPS Hide Login

A very lightweight and absolutely free plugin, WPS Hide Login, will let you easily change the admin URL to something of your choice. The good thing with this plugin is, it doesn’t rewrite or change core files. It simply obstructs page requests and makes wp-directory and wp-login page inaccessible.

However, after you change your admin URL, make sure to note it down somewhere, so you don’t forget it. If, in the future, you’d want to go back to the default URL, you can simply deactivate the plugin, and it’ll bring back the settings.

So, first of all, login to your WordPress dashboard and click on Plugins > Add New.

In the search bar, type in “WPS Hide Login” and click on “Install Now”.

Once you install and activate this plugin, head over to settings > permalink. Here you’ll be given a “Login URL” field where you can enter your new URL slug, which will become your admin URL.

Just type in your preferred login URL and hit “Save changes”. Now, your new admin URL is activated, and the old one is inaccessible.

iThemes Security

If your need is only to change the admin URL, then stick with the above plugin. However, if you’re looking for something more than that, then iThemes Security is one brilliant plugin to fulfill that. It is an all-in-one security suite for your WordPress site that has a ton of great features, and one of them is changing a bunch of back-end URLs. If you have a multi-author blog, then this plugin can come handy in branding.

After you’ve installed and activated the plugin, head over to settings > permalink, where you’ll have a few different URLs to change, including:

  • Login URL
  • Registration URL
  • Lost Password URL
  • Logout URL

Go ahead and change whichever you wish and hit the “Save Changes” button. You’re done!


I hope you can now hide your WordPress admin URL from the public.

Thanks to our Sponsors
More great readings on WordPress
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • Semrush is an all-in-one digital marketing solution with more than 50 tools in SEO, social media, and content marketing.
    Try Semrush
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder