If your WordPress hasn’t been attacked by a brute force till now, consider yourself lucky.

A brute force attack is a really stubborn attempt by an attacker to break into your WordPress dashboard and take over control of it. They try various combinations of usernames and passwords, which can possibly let them in, mostly by guesswork or bots.

Since we all know the URL to log into the WordPress admin panel is “wp-admin” or “wp-login”, it kind of gets easier for hackers to at least know where to attack. There are quite a few ways that can help you avoid becoming a victim of brute force attacks, and one of them is changing the admin URL.

WPS Hide Login

A very lightweight and absolutely free plugin, WPS Hide Login, will let you easily change the admin URL to something of your choice. The good thing with this plugin is, it doesn’t rewrite or change core files. It simply obstructs page requests and makes wp-directory and wp-login page inaccessible.

However, after you change your admin URL, make sure to note it down somewhere, so you don’t forget it. If, in the future, you’d want to go back to the default URL, you can simply deactivate the plugin, and it’ll bring back the settings.

So, first of all, login to your WordPress dashboard and click on Plugins > Add New.

In the search bar, type in “WPS Hide Login” and click on “Install Now”.

Once you install and activate this plugin, head over to settings > permalink. Here you’ll be given a “Login URL” field where you can enter your new URL slug, which will become your admin URL.

Just type in your preferred login URL and hit “Save changes”. Now, your new admin URL is activated, and the old one is inaccessible.

iThemes Security

If your need is only to change the admin URL, then stick with the above plugin. However, if you’re looking for something more than that, then iThemes Security is one brilliant plugin to fulfill that. It is an all-in-one security suite for your WordPress site that has a ton of great features, and one of them is changing a bunch of back-end URLs. If you have a multi-author blog, then this plugin can come handy in branding.

After you’ve installed and activated the plugin, head over to settings > permalink, where you’ll have a few different URLs to change, including:

  • Login URL
  • Registration URL
  • Lost Password URL
  • Logout URL

Go ahead and change whichever you wish and hit the “Save Changes” button. You’re done!


I hope you can now hide your WordPress admin URL from the public.