Introduction
Securing your WordPress website is a top priority for web administrators. One simple yet effective method to enhance security is by changing the default login URL. This article will guide you through doing this without using a plugin by modifying the code in the functions.php
file.
Why Change the WordPress Login URL?
- Enhancing Security: The default login URL for WordPress is
/wp-login.php
or/wp-admin
. Changing this URL makes your website harder to attack as hackers won’t know the new login URL. - Reducing Brute Force Attacks: Brute force attacks often target the default login URL. By changing this URL, the likelihood of such attacks decreases significantly.
Preparation Steps Before Changing the URL
- Back Up Data: Before making any changes, back up your entire website data to prevent any potential data loss.
- Check Compatibility: Ensure that your current themes and plugins are compatible with the changes you are about to make. Carefully check to avoid any conflicts.
Explanation of the Code to Change the Login URL
define('PASSCODE','newloginurl');
This line of code defines a fixed passcode for the new login URL. You can replace 'newloginurl'
with any keyword you want to use.
function mask_login_url()
This function checks if the user is accessing the correct new login URL and redirects them to the login page or dashboard as necessary.
function mask_login_redirects()
This function manages redirects when users access URLs like /wp-admin
or /wp-login.php
, ensuring they are redirected correctly based on their login status.
Step-by-Step Guide to Change the Login URL
Adding Code to the functions.php
file
define('PASSCODE','newloginurl');
function mask_login_url(){
if( !is_user_logged_in() && parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY) == PASSCODE ){
wp_safe_redirect( home_url('wp-login.php?'. PASSCODE .'&redirect=false') );
exit();
}
if( is_user_logged_in() && parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY) == PASSCODE ){
wp_safe_redirect( home_url("wp-admin") );
exit();
}
}
add_action( 'init', 'mask_login_url');
function mask_login_redirects(){
if( isset($_POST['passcode']) && $_POST['passcode'] == PASSCODE) return false;
if ( (is_user_logged_in()) && (strpos($_SERVER['REQUEST_URI'], 'wp-admin') !== false)) {
wp_safe_redirect( home_url("wp-admin"), 302 );
exit();
}
if ( (!is_user_logged_in()) && ((strpos($_SERVER['REQUEST_URI'], 'wp-admin') !== false) || (strpos($_SERVER['REQUEST_URI'], 'wp-login') !== false)) && ( strpos($_SERVER['REQUEST_URI'], PASSCODE) === false ) ) {
wp_safe_redirect( home_url(), 302 );
exit();
}
if( strpos($_SERVER['REQUEST_URI'], 'action=logout') !== false ){
check_admin_referer( 'log-out' );
wp_logout();
wp_safe_redirect( home_url('?logged-out'), 302 );
exit();
}
}
add_action( 'login_init', 'mask_login_redirects', 1);
function custom_login_hidden_field(){
echo '<input type="hidden" name="passcode" value="'. PASSCODE .'" />';
}
add_action('login_form', 'custom_login_hidden_field');
- Updating the Login URL: After adding the code to the
functions.php
file, your new login URL will be//yourwebsite.com/?newloginurl
.
Testing and Verification
- Logging in with the New URL: Open your browser and navigate to the new login URL to ensure it works correctly. If you see the WordPress login page, you have done it right.
- Checking Redirect Functionality: Ensure that when accessing URLs like
/wp-admin
and/wp-login.php
, you are redirected correctly based on your login status.
Benefits of Using Code to Change the Login URL
- Better Security: Using code instead of a plugin gives you complete control and does not rely on third parties, thus reducing security risks.
- No Need for a Plugin: Avoid installing unnecessary plugins, which helps your website run faster and more stably.
- Streamlining WordPress Post Duplication Without Plugins
Important Considerations
- Do Not Share the New URL Widely: Keep the new login URL private to prevent it from falling into the wrong hands.
- Regularly Update WordPress: Ensure you always have the latest version of WordPress to protect your website from security vulnerabilities.
Troubleshooting Common Issues
- Forgetting the New Login URL: If you forget the new login URL, you can edit the
functions.php
file to reset the passcode.
- Redirect Errors: If you encounter redirect errors, check the code in the
functions.php
file to ensure there are no syntax errors.
Conclusion
Changing the default login URL of WordPress is an effective way to secure your website without using a plugin. By following the steps outlined above, you will have a more secure login URL, reducing the risk of attacks.
Shortlink: /20HwtLgv