How To Change WordPress Login URL Without A Plugin

Blog Inbox
4 min read · May 10, 2022



WordPress is a very popular CMS, which is awesome, but it also brings a few problems. One of them is that most people know that the login URL for most WordPress sites is “/wp-login”. This means that a lot of malicious attackers might try to access your site to install their own code. One of the simplest ways to stop them, and the bots that scan the internet, is to change the URL of your WordPress login so they can’t find it. But how do you do this? How do you change the WordPress login URL without using a plugin? Let’s find out.


Step #1 — Log in to your server and find wp-login.php

First, head to the server where you are hosting your WordPress site and locate your WordPress installation. In WordPress, find the “wp-login.php” file. The file should be located at the root of your WordPress installation, usually in the “public_html” folder.

Step #2 — Download and edit wp-login.php

After locating the file, download it and open it with a text editor. Next, find and replace all mentions of “wp-login.php” in the code. In our case, we wanted to call the login page “hidden-signin”, so we have replaced all mentions of “wp-login.php” with “hidden-signin.php”.

Note — You can change “hidden-signin.php” to whatever you want your login page to be called.

Step #3 — Rename wp-login.php

Now that we have replaced all the “wp-login.php” mentions in the file we downloaded, we need to rename the file. In this case, the file name will be “hidden-signin.php”; if you used a different name, rename the “wp-login.php” file to the name you used in the previous step.

Step #4 — Load the new file to WordPress

After editing and renaming the file, we can finally upload it back to our server in the WordPress folder. Don’t forget to delete the old wp-login.php so it doesn’t affect the new login page.

Note! — Before deleting the old wp-login.php we recommend downloading it one more time as a backup.

Step #5 — Add code to functions.php

The final step we need to make our new login page work is to add a piece of code to our theme’s “functions.php” file. This code will do the final redirect through the WordPress login_url filter hook. Replace “hidden-signin.php” with the filename you chose if you didn’t use the same one as in our example.

/**
 * Change WP Login file URL using "login_url" filter hook
 */
add_filter( 'login_url', 'custom_login_url', PHP_INT_MAX );
function custom_login_url( $login_url ) {
    // Point every generated login link at the renamed file
    $login_url = site_url( 'hidden-signin.php', 'login' );
    return $login_url;
}

… and you’re done. Now your new login page should be “” or whatever you might have named it.
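If you have shell access, steps #2 to #4 can be done in place on the server instead of downloading and re-uploading the file. The script below is an added example, not part of the original post; the function name `rename_wp_login` and the separate backup directory argument are assumptions of this sketch.

```shell
#!/bin/sh
# Usage: sh rename-login.sh WP_ROOT NEW_NAME BACKUP_DIR
# (script name and BACKUP_DIR argument are assumptions of this example;
#  BACKUP_DIR should sit outside the web root)
rename_wp_login() {
    wp_root=$1 new_name=$2 backup_dir=$3
    old="$wp_root/wp-login.php"
    new="$wp_root/$new_name"

    # Accept only a plain *.php file name: no path separators, no characters
    # that sed would treat specially in the replacement text.
    case $new_name in
        *[!A-Za-z0-9._-]*|.*|*wp-login.php) echo "bad name: $new_name" >&2; return 2 ;;
        *.php) ;;
        *) echo "name must end in .php" >&2; return 2 ;;
    esac
    [ -f "$old" ] || { echo "no wp-login.php in $wp_root" >&2; return 1; }
    [ -d "$backup_dir" ] || { echo "backup dir missing" >&2; return 1; }
    [ ! -e "$new" ] || { echo "$new already exists" >&2; return 1; }

    # Backup first (the note in step #4).
    cp -p "$old" "$backup_dir/wp-login.php.orig" || return 1

    # Steps #2 and #3: copy to keep the file mode, then overwrite the copy
    # with every "wp-login.php" reference rewritten to the new name.
    cp -p "$old" "$new" || return 1
    sed 's/wp-login\.php/'"$new_name"'/g' "$old" > "$new" || return 1

    # Verify before deleting anything: no old reference may remain.
    if grep -q 'wp-login\.php' "$new"; then
        rm -f "$new"; echo "old references remain" >&2; return 1
    fi

    # Step #4: remove the original so the default URL stops answering.
    rm -f "$old"
    echo "login file is now $new"
}

if [ "$#" -eq 3 ]; then rename_wp_login "$@"; fi
```

A WordPress core update writes a fresh wp-login.php back into the installation, so the rename has to be repeated after each update.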


Changing the WordPress login URL is an easy task as long as you know what you are doing, and it’s a great way to hide the login form from unwanted eyes and bots. It also helps to create that one extra layer of defense between you and all the malicious parties that might try to gain access to your site. It might not be a huge addition to your WordPress site’s security, but every step towards better WordPress security matters. In the end, it all comes down to one question: why make it easy for those who want to gain unauthorized access?
