pen paper writing icon WordPress icon png newspaper icon

Reduce Exposure to Cyber Attacks by Changing WordPress Admin URL

WordPress Admin URL

You should change your WordPress Admin Login right now. 

Why, you may ask? Well, we all know that the default WordPress admin login URL is super common, which almost everyone who has heard about WordPress CMS is well aware of.


This might seem like a no-brainer, but this is a serious safety hazard in the eyes of cyber security professionals. 

But using these standard URLs and logins, malicious actors can brute-force their way into your WordPress website and can cause serious damage to your website, business / personal data, and can cause financial harm. 

Since WordPress brute-force attacks have become more frequent, cyber security professionals are highly recommending that WordPress users change their URLs as soon as possible. 

This is basically the first line of defense against the most basic and most frequently used attack methods on WordPress websites.

But with valuable and simple WordPress tools and plugins, users can easily change their WP Admin Login URLs

So, follow the following steps mentioned to change your WordPress admin URL. 

Removing WordPress Admin URL Using Plugin Called iTheme Security

For this method, we’ll be using a plugin called iThemes Security, which is available on the WordPress plugin repository. 


Install and activate the iThemes Security plugin. 

Downloading iThemes Security from WordPress


Head over to WordPress Dashboard > Security > Settings > Advanced > HIDE BACKEND, here you will find a check box titled – Hide Backend click on it. 

Now change the Login Slug to whatever you want, just don’t change it to something that is very obvious.

iThemes Security Settings Panel Slug Changed

Once you’re done, click Save.

Users can also add a new URL via the Meta widget, but since we’ve already done this, it is best to remove it.

Removing WordPress Admin URL Using Plugin WPS Hide Login

This is another easy-to-use plugin to change the WordPress admin login URL, which is also available on the WordPress plugin repository.


Install and activate the WPS Hide Login plugin. 

WPS Hide Login Plugin on


Access WPS Hide Login Settings Panel right from the plugin menu or WordPress Dashboard > Settings > WPS Hide Login.

WPS Hide Login Settings


WPS Hide Login is super intuitive. Just scroll down to the WPS Hide Login menu and change the following slug. 

WPS Hide Login Changing - WordPress admin login URL

When done, just click on Save Changes.

Removing the WordPress Admin URL Login Using cPanel


Login to your cPanel using the File Manager menu.

Access your /wp-includes directory. To edit the general-template.php file, right-click and choose Edit:

cPanel via Manager
Note: Before performing any changes, ensure to take a backup of the general-template.php file. 


Locat the following code by pressing Ctrl + F

$link = '<a href="' . esc_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>';

insert two forward slashes //


Now add the following. 

$link = '';

As a final result, the code should look like this:

function wp_loginout($redirect = '', $echo = true) {

 if ( ! is_user_logged_in() )
  //$link = '<a href="' . esc_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>';
    $link = '';


Check out your website. The link should be gone from the Meta widget.

To Wrap It Up, 

We sincerely hope that you’ve found this guide helpful and will consider sharing it with someone who has been looking forward to changing their WordPress admin login URL. 

And in the end, if you have any questions or concerns please feel free to comment down below.