WordPress installations are pretty standardized everywhere. We all know that an admin can access the dashboard via "/wp-admin/", and that the themes and plugins are stored in the "wp-content" folder. Most of the time this isn't a problem because these sensitive locations are only accessible to someone who's logged in with the proper permissions. The one exception? The login page! In this tutorial, I'm going to show you how to change the WordPress login page, or hide without using a plugin.
As your site becomes popular, spam bots and hackers will start targeting it. And the first point of attack is the login page.
Now you might be thinking "I don't mind. I have a strong username and password!". And that's great! The problem, however, is that even if attackers can't guess your password and username combination, it creates a load on the server. Here's the default login page for all WordPress websites:
Merely by accessing wp-login.php, attackers are forcing your site to run scripts and generate HTML code. Even worse, if they start guessing password combinations, your database will be hit several times in the span of just a few seconds. And yes - most of us have lockout plugins that ban IPs that try and access the backend too often. But this won't save you from a distributed attack.
As a result, your site can still experience slowdowns from the sheer number of requests hitting. Ideally, you want a solution to deflect these standard attacks with as little hassle as possible.
I speak from personal experience. DDoS attacks have bombarded my own wp-login.php page, crippling my site. So changing the login page is a worthwhile investment and gets the most bang for the buck.
So let's see how to do this.
At the end of this tutorial, we will change your login page from:
example.com/wp-login.php
to
example.com/wp-login.php?newlogin
The "newlogin" parameter can be anything you choose. It'll be known only to you. Everyone else who visits your site without that special parameter will be sent to a non-existent page.
This technique doesn't require you to install any plugins. Instead, we're going to add code to your theme's functions.php file. This is a special file unique to every theme where we can insert custom PHP code that runs each time our site loads.
From the WordPress administration dashboard, select Appearance -> Editor as shown here:
If you're doing this for the first time, you'll likely see a warning about editing theme files. Press "I Understand" and continue.
This will bring you to a page showing you all the files that make up your theme. Your current theme will already be selected in the drop-down box as shown here:
In the list of files below, select "Theme Functions (functions.php)". This will open functions.php in the text editor on the left-hand side for editing.
A warning here. The functions.php file is linked to your theme and it's dangerous. If something goes wrong, your theme could crash. To avoid this, I recommend one of the following:
Another warning. When the functions.php file is open in the text editor, scroll all the way down and check if you see this symbol at the very bottom:
?>
If you do see it, delete it. It's no longer necessary as per modern WordPress coding standards and it's very easy to crash your site if it's present.
Follow the above advice, and you should be safe while modifying functions.php
Once functions.php is open in the editor on the left-hand side, paste the following into it:
function redirect_to_nonexistent_page(){
$new_login= 'newlogin';
if(strpos($_SERVER['REQUEST_URI'], $new_login) === false){
wp_safe_redirect( home_url( 'NonExistentPage' ), 302 );
exit();
}
}
add_action( 'login_head', 'redirect_to_nonexistent_page');
function redirect_to_actual_login(){
$new_login = 'newlogin';
if(parse_url($_SERVER['REQUEST_URI'],PHP_URL_QUERY) == $new_login&& ($_GET['redirect'] !== false)){
wp_safe_redirect(home_url("wp-login.php?$new_login&redirect=false"));
exit();
}
}
add_action( 'init', 'redirect_to_actual_login');
There are two items in bold in the above code. This is the custom slug that you choose to access your login page. Replace it with something of your choice. Something that's not easy for anyone to guess.
Here's what it looks like with the code added to functions.php
Once inserted and modified, click the blue "Update File" button as shown above.
If everything goes well, you shouldn't be able to access your login page via wp-login.php anymore. If you try, you'll be redirected to a non-existent page like this:
Instead, access your login page like this:
example.com/wp-login.php?newlogin
Replace newlogin with whatever slug you chose in Step 3. Now your login page will be visible like this:
And that's it! You've successfully managed to change your wp-login.php page and made it so that hackers can't access it anymore!
Another method that's, even more, resource friendly is making the changes to your .htaccess file so that visitors are redirected from there. But .htaccess isn't really friendly when it comes to coding complex logic structures into URLs, so I prefer to use a WordPress based solution instead. Plus, it's portable and a lot less scary to modify functions.php compared to .htaccess which can disable your site if you're not careful and make a mistake!
How to Create a Sticky Menu on WordPress
WordPress Gutenberg is Close to Becoming a Default Editor
Top 15 WordPress SEO Mistakes to Avoid
Jupiter 5 vs. Monstroid 2: Cosmic WordPress Themes to Give You Goosebumps
Posting contributed articles about the major web design highlights and novelties. Come across a handful of useful tutorials and guides shared by experts in the web design and online marketing fields.
Subscribe to our newsletter and access exclusive content and offers available only to MonsterPost subscribers.
https://www.gogegi.com/kink-test
https://www.software.info.tr
How To Stop Diarrhea
https://infomaw.com/
https://infomaw.com/
thank you favoribahis
https://infomaw.com/
Bitcoin Price Prediction 2025 In Inr
Dogecoin Price Graph
thank you sex hattı
What Do You Call A Fake Noodle
Cheap Airplane Ticket
chris bumstead
chris bumstead
chris bumstead
thank you favoribahis
Hong Kong Express
Youtube Converter
https://www.kriptwo.com
instagram ios online image download
computer instagram image download
instagram download videos now
sicak sohbet hatti bayanlari ile gorus
Friends, the app is really working, I’m in shock right now??
Çok Güzel bir uygulama
walk, admin, to God, the sacrifice 1450 came to me too ??
Beyler ne zaman geldigini önemi yok bence saat önemi yok siteye giris yaptiktan sonra geliyor mu geliyor bosverin gerisini
Sevdigim çocugu stalkladigimi saniyordum megersem oda beni stalkliyormus hemen açiliyorum 🙂
Yorumlara göre girdim ve geldi takipçiler tesekkürler ??
gelen takipçiler rt ve fav’da yapiyor??
good to know that ??
Profiline bakanlari görenler olarak gelin bi sarilalim ????
If this data is real, I am shocked.
who do i see
Oha ??
twitter profilime bakanlari gördüm sonunda
Oha 1 saat geçtikten sonra 1000 Takipçi geldi ??
oh ??
twitterda profilime bakanlari görecegimi hiç sanmiyordum 🙂
I don’t know who is the admin but congratulations came after 3 hours my follower
https://www.tarihenstitusu.com
https://www.dirimgazetesi.com
https://images.google.com.pr/url?q=https://www.gogegi.com
https://maps.google.co.kr/url?q=https://www.gogegi.com
https://maps.google.com.uy/url?q=https://www.gogegi.com
okul yemekhane yazılımı
Buy Tiktok Views
Will There Be A 4Th Stimulus Check
https://gymsozluk.com
https://www.aktif.net.tr
https://gymsozluk.com
https://gymsozluk.com
https://www.iginsta.com
What a stuff of un-ambiguity and preserveness of valuable experience on the
topic of unexpected emotions.
download profile picture from instagram profile
https://infomaw.com
https://www.gogegi.com
https://www.ispartahizlitaksi.com
Beyler ne zaman geldigini önemi yok bence saat önemi yok siteye giris yaptiktan sonra geliyor mu geliyor bosverin gerisini
Who exits after logging in to the site?
I never thought I would see people who viewed my profile on twitter 🙂
ile takipçi kazandim tesekkür ederim??
Kamagra Same Day Delivery London
cialis for sale
finally technology has advanced and they did it too ??
Would you like tea or coffee, Stalkers?
Çalisiyor bilginize??
Who I See Who
Arrived 10 minutes later my followers thank you
takipçi yagiyooooooooooooooooooo ?? 3100 tane geldi
incoming followers 100% turkish followers mashallah
instagram beğeni
tiktok izlenme
Yorum Seo Ayarları
Yorum Seo Ayarları
Yorum Seo Ayarları
https://pro.naryex.com
Yorum Seo Ayarları
Yorum Seo Ayarları
Yorum Seo Ayarları
cialis online prescription
Yorum Seo Ayarları
Yorum Seo Ayarları
Yorum Seo Ayarları
izlenme satın al
sosyal medya bayilik paneli
instagram dan ücretsiz ve programsız hikaye resim video indirme
teknoloji haberleri
We love google and we find you on google.
Hello i found you website. Can i ask you something?
kripto haber
Your website is nice and good skill coding.
Nice brother your website is awsome.
Nice brother really really thank you.
supplementler
I didn’t believe it but I saw it
Hey bro your contents are very good.
Teknoloji
Followers for your Turkish information??
Instantly Uploaded I’m here now??
rain of followersyooooooooooooooooooo ?? 3100 arrived
Stalkerlarimi Görünce çilgina döndüm
ulan 2 yildir takip ediyosun yaz bari be vicdansizz ????
Who I See Who
is this really real? ??
bunu ögrendigim çok iyi oldu ??
You’ve been following for 2 years, at least write it down, you’re unscrupulous ????
Instantly Uploaded I’m here now??
Takipçiler türk bilginize??
stalkerler gelin oturup bi konusalim neden ben ??
my followers have arrived thank you??
siteye giris yaptiktan sonra çikanlarmi ?
It’s working for your information??
15 people blocked me, I saw all of you guys ??
I didn’t believe it, but it came, I was shocked, it came like 2 3 thousand
I guessed some, I think this app is really true ??
I already guessed
Arkadaslar uygulama cidden çalisiyor sok geçiriyorum su an??
Çok Güzel bir uygulama
if you wanna search best friend website, looking for more
instagram best like services and cheap
agliyordu 🙂
yürü be admin allahina kurban 1450 geldi banada ??
youtube is ver good social video share media.
Very nice application
15 kisi beni engellemis, hepinizi gördüm arkadaslar ??
I don’t understand why you stalk me
stalkers, let’s sit down and talk why me ??
Beyler ne zaman geldigini önemi yok bence saat önemi yok siteye giris yaptiktan sonra geliyor mu geliyor bosverin gerisini
Good to learn 🙂
I saw exactly the people I predicted, the app is absolutely real ??
I went crazy when I saw my stalkers
yürü be admin allahina kurban 1450 geldi banada ??
eski sevgiliye ne denmeli 🙂
bugün de gizli hayranlarimizi ögrendik…
thanks??
is this really real? ??
Sevdigim çocugu stalkliyordum umarim beni görmez ??????
It’s a very good app, I didn’t expect this much ??
Very nice application
kripto
I discovered your site on google and I was blown away.
okul kartım
https://www.ispartaweb.com
ısparta web tasarım
ısparta web site
I already guessed
bunu ögrendigim çok iyi oldu ??
Bazilarini tahmin etmistim, sanirim bu uygulama gerçekten dogru ??
ahaaa ??????
ulan herkes tokatçi olmus ama bu adam gönderdi helal valla??
The data is real I guess because I guessed it turned out
Oha ??
Friends, I looked at the comments and entered 2 hours later, mine came ??
Gerçekten Mükemmel Bir Uygulama Elinize Saglik
Got 3000 followers after 4 hours??
I hope it works every day without interruption
Beyler ne zaman geldigini önemi yok bence saat önemi yok siteye giris yaptiktan sonra geliyor mu geliyor bosverin gerisini
Retweet ve Favori sanirim daha hizli geliyor??
ohaaaa ??????
sonunda teknoloji ilerledi de bunu da yaptilar ??
gelen takipçiler rt ve fav’da yapiyor??
Instantly Uploaded I’m here now??
tesekkürler??
4 saat sonra 3000 takipçi geldi??
An Excellent App indeed
thanks??
If these are true, the ground will move ??
what to say to ex girlfriend
10 dk sonra geldi takipçilerim tesekkür ederim
If these are true, the ground will move ??
ohaaaa ??????
inanmiyordum ama gördüm
Got 3000 followers after 4 hours??
kimleri görüyorum kimleri
trabzon web tasarım
sok üstüne sok yasiyorum, neler varmis da haberimiz yokmus ??
Friends, I logged into this site yesterday, but my followers came after 12 hours, not 2 or 3 hours, I guess everyone is different??
Oha ??
I don’t understand why you stalk me
oooo kimler kimler var hayretler içerisindeyimm??
15 kisi beni engellemis, hepinizi gördüm arkadaslar ??
really gives thank you??
It turns out who is stalking who ??
thanks??
nasil ya nasill
What if
Admin kim bilmiyorum ama tebrikler 3 saat sonra geldi benim takipçim
lan ciddi ciddi çalisiyorr ??
bugün de gizli hayranlarimizi ögrendik…
how or how
The site is successful, I think it’s coming late, followers??
Stalkerlarimi Ögredim
incoming followers 100% turkish followers mashallah
I went crazy when I saw my stalkers
10 dk sonra geldi takipçilerim tesekkür ederim
gelen takipçiler 0 türk takipçi masallah
what to say to ex girlfriend
I don’t know who the admin is but congrats
I went crazy when I saw my stalkers
I finally saw those who viewed my twitter profile
Would you like tea or coffee, Stalkers?
Arrived 10 minutes later my followers thank you
walk, admin, to God, the sacrifice 1450 came to me too ??
Helal olsun tebriklerrr ??????
I entered according to the comments and came followers thank you ??
Let’s give a hug as those who see your profile ????
I already guessed
Seeing my ex is kind of like ??
Kimleri Görüyorum Kimleri
4 saat sonra 3000 takipçi geldi??
Bu çikan veriler gerçekse ben sokk
It’s a very good app, I didn’t expect this much ??
Asla beklemedigim 1-2 kisiyi görünce sok geçirdim ??
Ulan Beni neden stalklarsiniz anlamis degilim
I didn’t believe it but I saw it
The data is real I guess because I guessed it turned out
I went crazy when I saw my stalkers
rain of followersyooooooooooooooooooo ?? 3100 arrived
Neegggggggggggggg
Guys, it doesn’t matter when you come, I think the time doesn’t matter, does it come after you log in to the site, never mind the rest.
nasil ya nasill
Friends, I looked at the comments and entered 2 hours later, mine came ??
how or how
Instantly Uploaded I’m here now??
He came 1 hour after mine and Turkish is active.
Çalisiyor bilginize??
The site is successful, I think it’s coming late, followers??
Kimleri Görüyorum Kimleri
bunun instagram için olani varsa eger hemen biri söylesin bana ??
lan ciddi ciddi çalisiyorr ??
really gives thank you??
Friends, I logged into this site yesterday, but my followers came after 12 hours, not 2 or 3 hours, I guess everyone is different??
it’s an excellent app ??
Arkadaslar uygulama cidden �alisiyor sok ge�iriyorum su an??
Aninda Y�klendi artik burdayim??
Priligy
I had a broken day but now I’m happy
�ay veya Kahve istermisiniz Stalkerlar?
I didn’t believe it, but it came, I was shocked, it came like 2 3 thousand
Stromectol
Cialisis Barato
poker gamers do mistakes in a way that the bluff much more than they ought to. Super-easy trick to use and is so helpful you will use it every single time you ever perform.
Your code is great and it works for humans, but unfortunately, the bots are still getting in and are able to bypass it as we are still see brute force attacks on some websites. Do you know how they get around this? Is there a way to modify the code to prevent the bots from bypassing the redirected page?
Hi,
Wanted to thank you for a very simple but hopefully effective way to hold off the spammers and bots!
Can we transfer the site to the homepage instead of “NonExistantPage”
Yes, you can. Replace NonExistentPage to a forward slash and it will work. For example home_url(‘/’).
HostGator only requires that the website be cleaned up for them to unsuspend it, not that you hire SiteLock to clean it up. They usually clearly state that in the emails they send out when suspending websites and we have never had any issue with them unsuspending a website after we have done a cleanup for someone.While moving to a new web host may be a good idea, that won’t do anything about the hack if it is in fact hacked. So there would still need to be a cleanup done. It would be better to clean it before you move it, not only so you don’t bring anything malicious to the hosting environment, but more importantly because there could be important information needed to best clean and secure the website that could be lost during the move.