We have lost count of the number of times we have just added ‘/wp-admin’ to the end of a URL to log into WordPress.
But if we know it, so does everyone else.
With an estimated 810 million WordPress websites out there, using default settings is a security risk.
That’s why we recommend changing the WordPress login URL.
Combined with other precautions, this small change could increase your website security enough to avoid the worst happening.
As well as changing the URL, you can also change the login screen to increase brand recognition, which is a nice extra touch.
In this post, we show you how to:
- Change the WordPress login URL from /wp-admin
- Secure WordPress by limiting login attempts
- Customize the login page to match your brand
- Log in when you have lost your username or password
These changes will only take a few minutes and are very easy to do.
Considering how much difference they could make, we think it’s time well spent!
How To Find Your WordPress Login URL
The WordPress login URL is the same for every installation. It’s www.yoursitename.com/wp-admin.
You can also get to the login page using:
- www.yoursitename.com/admin
- www.yoursitename.com/login
- www.yoursitename.com/wp-login.php
Use any of those four URLs and you’ll end up on the WordPress login screen.
Enter your username and password and hit the Log In button and the admin screen will load.
From there, you can fully manage every aspect of your website!
Why Change the WordPress Login URL?
There’s one simple reason to change your WordPress login URL.
Security.
As you now know, the standard wp-admin login URL is created in exactly the same way for every WordPress website.
So whatever your domain name might be, it will always have /wp-admin as the default login URL.
That means those 810 million or so websites can all be accessed by adding /wp-admin to the end of the domain name.
If you were the nefarious type who wanted to hack people’s websites, that presents a lot of easy targets!
That’s why we recommend changing it.
Changing your login URL to something unique makes WordPress much more secure.
Plus, if you allow others to log in, customizing it adds a little extra branding and professionalism.
How To Change WordPress Login URL
As with most things WordPress, changing the login URL is very straightforward.
You can either use a plugin or modify your wp-login.php file.
We’ll show you how to use the plugin as that’s the easiest way. If you would prefer to code it, this post shows you how.
We’ll show how to go from:
- www.yoursitename.com/wp-admin
To
- www.yoursitename.com/somethingtotallyrandom
We’re going to use the free WPS Hide Login plugin to do it.
Navigate to Plugins > Add New from your admin panel.
Search for WPS Hide Login and install and activate it once you find it.
After activating the plugin, select Settings > WPS Hide Login from the admin menu.
You’ll be taken to the bottom of the General page where you’ll see a WPS Hide Login section.
Add a new pathname in the Login url field.
You can put anything you like here, but be realistic. You’re going to need to remember it and it may represent your brand!
Once you have set the login URL, change the 404 page URL if you need to.
Then click Save Changes when you’re ready.
Log out of WordPress and test your new URL to make sure you can log in.
That’s all there is to it!
How To Secure the WordPress Login Page
Securing the login page refers to limiting login attempts.
Rather than letting bots or hackers have unlimited retries to guess your username and password, you can limit how many times someone can get it wrong.
Then you can set a time limit for retries to disrupt any hacking attempts.
It’s another effective step towards a more secure WordPress website and we strongly support it.
You can do this in a couple of ways:
- Set login attempts using your security plugin
- Use a dedicated limit login attempts plugin
Let’s show you both.
Use a Security Plugin
All WordPress security plugins handle this differently but most quality plugins will have the option to limit logins
For example, the popular Wordfence security plugin has the Brute Force Protection feature.
You can control:
- How many login failures before lockout
- How many forgotten password attempts you’ll allow
- What time period you count login attempts
- How long to lock a user out
- What usernames incur an immediate lockout
How you configure these is up to you, but setting them helps reduce the risk of hacks.
Other security plugins will likely have a similar feature but it might be called something different.
Use a Plugin
If your security plugin doesn’t limit logins, you could use the free Limit Login Attempts Reloaded plugin.
As the name implies, it limits the number of login attempts a user can make before being locked out.
Install and activate the plugin as usual. Then follow the setup wizard to get the ball rolling.
Alternatively, navigate to Limit Login Attempts > Settings.
Set the number of login attempts you want to allow, how long a lockout lasts and other settings.
There’s a tooltip by each setting that highlights best practices if you’re not sure what to do.
Hit the orange Save Settings button when you’re done.
Log out of WordPress and try an incorrect username or password to test it out.
You should see an error message letting you know that you have limited attempts left.
That’s the plugin protecting your site!
How To Customize the WordPress Login Page
So far we have identified the WordPress login page, changed the URL and limited login attempts to lock it down.
If you’re running a membership website or work with contributors, wouldn’t a custom login page look more professional?
Let’s tackle that next.
We’re going to use the LoginPress (Custom Login Page Customizer) plugin to help.
Install and activate the plugin in the usual way and you’ll see a new LoginPress menu item appear on the left.
Select LoginPress > Settings to access the main dashboard.
Here you can change the password requirements, control login, enable compliance and other useful tweaks.
Once done, select LoginPress > Customizer from the left menu.
You should see a WordPress customizer window open with your current login page in the center.
Here you can use the WordPress customizer to add or remove any element you want.
Select a menu on the left to open up the full range of customization features.
For example, to change the logo from the default WordPress one, select Logo on the left.
Change the size, position and anything else you like, then hit Publish at the top.
Rinse and repeat for all other settings within the LoginPress customizer until you’re completely happy with your login page.
How easy was that?
What To Do if You Forget Your Login
The final thing we should tackle in our WordPress login masterclass is what to do if you forget your username or password.
We strongly recommend writing them down or keeping them safe, but accidents happen.
So how do we recover?
Forgotten WordPress Username
Forgetting your WordPress username isn’t unheard of, but when you see the steps involved in recovering it you’ll only ever do it once!
You’ll need to access your database to find your username. It isn’t difficult but it’s not something you want to do every day.
Log into your hosting account and open phpMyAdmin.
Once in phpMyAdmin, select your WordPress database.
Select the wp_users table from the left sidebar.
You’ll find your username under user_login. The username is admin in the above example.
If you want to change your username, click Edit.
Then change the user_login value to anything you like. Select Go to save your change.
We wouldn’t recommend changing your username unless you really need to, but that’s how you do it.
Forgotten WordPress Password
Each of us probably has dozens or even hundreds of logins and it can be hard to keep track of them all.
So what happens if you forget your WordPress password?
- Visit the WordPress login page as usual
- Click the Lost your password? link below the login box
- Enter your email address or username
- Click Get New Password
- Check your email for a password reset link
- Click the link to visit the password reset page
- Type in your new password, confirm it, and click Reset Password
Then write the password down somewhere, just in case!
Final Thoughts
So that’s everything you ever need to know about the WordPress login URL and login page.
We shared how to find it, how to change it and how to customize it. We also showed you how to reset your username and password should the worst happen.
Follow all the tips here and you should have a more secure, safe and appealing login experience!
Do you have any WordPress login tips to share? Know any other ways to change the login URL or limit login attempts?
Share your story in the comments below!
Pratik Chaskar holds the pivotal role of CTO at Brainstorm Force, serving as the backbone of the company. Renowned for his organizational skills, strategic thinking, problem-solving attitude, and expertise in leading and executing plans, Pratik plays a crucial role in the BSF’s technological landscape.
Disclosure: This blog may contain affiliate links. If you make a purchase through one of these links, we may receive a small commission. Read disclosure. Rest assured that we only recommend products that we have personally used and believe will add value to our readers. Thanks for your support!
Woh, this is a perfect guide for new WordPress users.
I defiantly suggest to change common login URL and add limited login attempt plugin to make your website more secure.
Indeed, Lily!
Thanks for sharing your thoughts! 🙂
Thanks to this article, I got really good idea and motivation to work on User Registration for my business related websites.
Defiantly this will open lot’s of opportunities for my business.
Hello Katina,
Glad you found it useful. 🙂
I forget my Username and Pass, thanks to you guys I’m able to recover my ID Pass.
Hello Dario,
Glad you found the article useful! 🙂
With help of you guys, I just improved my website security little bit.
Nice tutorial and very detailed information on what to do.
Cheers to that, Cody! 🙂
I set my family photo on WordPress login page, so it keep motivate me to work.
heh
Hello Dustin,
Thanks for the comments!
I am so much grateful for this article. It just came at the right time for me. I have promptly used WPS Hide Login plugin to secure my current project’s backend login and it worked great. Also, the LoginPress is another great plugin.
Thank you so much once again.
Grateful regards 🙂
You’re most welcome, Segun! 🙂
Thank you for the information and advice in this beautiful article; I thank you for the effort.
Very interesting to read this article. I want to thank you for the efforts you had made in writing this excellent article. This article resolved all my queries. Keep it up.
Great post; this will help the beginner users of WordPress. I always want to avoid visitors and unwanted and malicious types getting on my login page. It’s better to use an entirely different login URL.
Hi, Thanks for sharing the content. I genuinely appreciate your information. I will bookmark your site and keep checking weekly for new information.
Thank you for the detailed tutorial. I have a question; I recently set up my website and subdomains. Whenever I try to login to my subdomain admin page, it redirects to my main domain. How to resolve this issue?
I wanted to thank you for your time just for this fantastic read!!
Astra is a good thème for wordpress, now à days clients wants everything fast with quality, why dont astra include option to personalize login page, for personalize branding? so that no need to install third party plugin to solve branding option to everyone..
Thank you for sharing your thoughts, Rai! At present, modifying the Login page isn’t possible with the Astra theme or Pro addon. However, if it becomes feasible in the future, we will certainly consider it.