
Change WordPress Login URL Without Plugin (Secure Your Site in 1 Minute)

Hackers love to target /wp-login.php — the default login page for every WordPress website.
If your site uses the same URL, you’re already halfway open to brute-force attacks. 😱

Let’s fix that.

In this post, you’ll learn how to change your WordPress login URL without any plugin — just a simple code snippet you can add to your theme.

No plugin. No bloat. Just pure PHP. ⚡

💻 The Code to Change WordPress Login URL

Add this snippet to your functions.php (child theme) or Code Snippets plugin:

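// 🔐 Change WordPress Login URL (no plugin needed)
add_action('init', function () {
    // wp-login.php is loaded inside this function, so the variables it shares with its helpers must be global
    global $error, $interim_login, $action, $user_login;

    $custom_slug = 'secure-login'; // 👉 Change this slug to your own

    $file         = basename($_SERVER['SCRIPT_FILENAME']);
    $request_path = untrailingslashit((string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH));
    $login_path   = untrailingslashit((string) parse_url(home_url($custom_slug), PHP_URL_PATH));

    // Point the wp-login.php links WordPress generates (form action, logout, lost password) at the custom slug
    $to_slug = function ($url, $path = null) use ($custom_slug) {
        $path = ltrim((string) ($path ?? $url), '/');
        return strpos($path, 'wp-login.php') === 0
            ? home_url($custom_slug . substr($path, strlen('wp-login.php')))
            : $url;
    };
    add_filter('site_url', $to_slug, 10, 2);
    add_filter('network_site_url', $to_slug, 10, 2);
    add_filter('wp_redirect', $to_slug);

    // Serve the login screen on the custom slug
    if ($request_path === $login_path) {
        require_once ABSPATH . 'wp-login.php';
        exit;
    }

    // Block default login/admin for visitors who are not logged in
    $guest_admin = is_admin() && !is_user_logged_in() && $file !== 'admin-post.php';
    if (($file === 'wp-login.php' || $guest_admin) && !wp_doing_ajax()) {
        wp_redirect(home_url());
        exit;
    }
});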

🧩 How to Use the Code

  1. Copy the above snippet.
  2. Paste it inside your child theme’s functions.php file or the Code Snippets plugin.
  3. Change this line: $custom_slug = 'secure-login'; to your own custom login path (e.g., mysecretdoor, admin-access, etc.).
  4. Now your login URL becomes:
    👉 https://yoursite.com/secure-login

🚀 Result

After adding this code:

  • The default /wp-login.php URL stops working, and /wp-admin is closed to anyone who is not logged in.
  • Only your custom slug (like /secure-login) will work.
  • Bots that only probe the default /wp-login.php URL won’t find your login page anymore. 🔥

✅ Simple, effective, and plugin-free.

💡 Why You Should Hide wp-login.php

Every WordPress site has the same entry point — /wp-login.php.
Bots and hackers constantly try random usernames and passwords here to break in.

By changing the login URL, you:

  • 🔒 Block brute-force attacks aimed at the default /wp-login.php
  • 🚀 Reduce server load (no failed login hits)
  • 🧠 Add a smart security layer without plugins
  • 💡 Keep your WordPress lightweight

⚙️ Bonus Tips for Extra Security

  • Use strong passwords and 2FA (two-factor authentication).
  • Change your admin username to something unique.
  • Limit login attempts using a custom function or plugin.
  • Always keep WordPress core, plugins, and themes updated.
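
One way to write the custom function from the "Limit login attempts" tip, as an added example that is not part of the original snippet: it counts failed logins per IP address in a transient and rejects further attempts once the limit is reached. The function name, the limit of 5, the 15-minute window and the use of REMOTE_ADDR as the real client address are all assumptions.

```php
// Added example: lock out an IP address after repeated failed logins.
// All names and limits below are assumptions chosen for illustration.
define('EXAMPLE_MAX_FAILS', 5);    // failed attempts allowed per window
define('EXAMPLE_LOCK_SECS', 900);  // window / lockout length in seconds (15 minutes)

// One counter per client address. Assumes REMOTE_ADDR is the real client,
// i.e. the site is not behind a proxy that hides it.
function example_login_fail_key() {
    return 'example_login_fails_' . md5($_SERVER['REMOTE_ADDR'] ?? 'unknown');
}

// Count every failed attempt. Each failure restarts the window, so a client
// that keeps guessing stays locked out.
add_action('wp_login_failed', function () {
    $key = example_login_fail_key();
    set_transient($key, (int) get_transient($key) + 1, EXAMPLE_LOCK_SECS);
});

// Priority 100 runs after WordPress has checked the password (priority 20),
// so the error returned here replaces even a correct login while locked out.
// The 'authenticate' filter covers every login path, XML-RPC included,
// not only the login form.
add_filter('authenticate', function ($user) {
    if ((int) get_transient(example_login_fail_key()) >= EXAMPLE_MAX_FAILS) {
        return new WP_Error(
            'example_too_many_attempts',
            'Too many failed login attempts. Please try again in 15 minutes.'
        );
    }
    return $user;
}, 100);

// A successful login clears the counter.
add_action('wp_login', function () {
    delete_transient(example_login_fail_key());
});
```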

For deeper hardening tips, check WordPress.org’s official security guide. 🔗

🌍 Bangla Tip for Local Developers 🇧🇩

👉 Hide the /wp-login.php URL!
Set a custom login slug, such as /secure-login or /mydoor
Then hackers won't be able to find the door to your site 😎

Security First 🛡️ Always!

✅ Conclusion

With this quick snippet, you can change your WordPress login URL without a plugin and instantly strengthen your site’s security.

No more bot attacks on /wp-login.php.
No more wasted bandwidth.

💡 Sometimes, small tweaks bring the biggest protection.

📘 FAQ

Q1: Can I still access my dashboard?
Yes! Use your new custom slug, e.g., /secure-login.

Q2: What if I forget my custom login URL?
You can always reset it from your hosting File Manager or FTP by editing functions.php.

Q3: Will this work with all themes?
Yes, it works with any WordPress theme.

Q4: Is it safe to edit functions.php directly?
Use a child theme or the Code Snippets plugin to avoid losing changes during theme updates.
