PluginsArmorProCitedProBoostPro
PricingDocsBlogAboutGet Started

Custom Login URL

Hide wp-login.php and set a custom login slug.

Last updated Feb 3, 2025

Why Change Your Login URL?

By default, WordPress uses /wp-login.php and /wp-admin for login. Since every WordPress site uses these URLs, automated bots constantly scan them for vulnerabilities.

Changing your login URL:

  • Eliminates automated bot traffic to your login page
  • Reduces server load from brute force attempts
  • Adds an extra layer of obscurity

Note

Custom login URLs are "security through obscurity" — they reduce automated attacks but won't stop a determined attacker. Always use strong passwords and 2FA as your primary protection.

Setting Up Custom Login URL

  1. Go to ArmorPro → Login
  2. Enable Custom Login URL
  3. Enter your desired login slug (e.g., my-secret-login)
  4. Click Save Changes

Your new login URL will be: https://yoursite.com/my-secret-login

Choosing a Good Slug

  • Do: Use something memorable but not obvious
  • Do: Use lowercase letters, numbers, and hyphens
  • Don't: Use "login", "admin", "secure", or similar obvious words
  • Don't: Use your name or business name

Good examples: portal-2024, access-panel, team-entry

What Happens to wp-login.php?

When custom login URL is enabled:

  • /wp-login.php returns a 404 error
  • /wp-admin redirects to the custom login URL (when not logged in)
  • All login links in WordPress automatically use the new URL
  • Password reset links work normally

Caching Considerations

ArmorPro adds no-cache headers to the login page to prevent caching plugins from caching it. However, you may need to:

  1. Clear your caching plugin's cache after changing the URL
  2. Clear server-level cache (Varnish, nginx, etc.)
  3. Clear CDN cache (Cloudflare, etc.)
  4. Exclude the login URL from caching rules

Important Notes

Bookmark Your New URL

After changing your login URL, bookmark it immediately. If you forget it, you'll need FTP access to disable the plugin.

Update Team Members

Make sure all users who need to log in know the new URL.

Plugin Compatibility

Some plugins hardcode links to /wp-login.php. If you find broken login links after enabling this feature, check the plugin settings or contact the plugin author.

Troubleshooting

Can't access login page

If you can't reach your custom login URL:

  1. Clear all caches (browser, plugin, server, CDN)
  2. Go to Settings → Permalinks and click Save (flushes rewrite rules)
  3. If still not working, use FTP to rename the plugin folder temporarily

Forgot the custom URL

  1. Connect via FTP/SFTP
  2. Navigate to /wp-content/plugins/
  3. Rename armorpro to armorpro-disabled
  4. Log in at /wp-login.php
  5. Rename the folder back and check your settings
Previous← Country BlockingNextAdvanced Security Headers →