Title: Changing /wp-admin url path
Last modified: August 20, 2016
---
# Changing /wp-admin url path
* Resolved [simonysandra](https://wordpress.org/support/users/simonysandra/)
* (@simonysandra)
* [13 years ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/)
* Hi, I was wondering if it was possible to change the [http://www.domain.com/wp-admin](http://www.domain.com/wp-admin)
and /wp-login.php paths to something else. I tried this on the wordpress.org
forum but didn’t work:
* [http://wordpress.org/support/topic/how-to-change-the-admin-url-or-wp-admin-to-secure-login?replies=13](http://wordpress.org/support/topic/how-to-change-the-admin-url-or-wp-admin-to-secure-login?replies=13)
* Also it would be interesting that – once you have a new path – if you type /wp-
admin or /wp-login in the url nothing or a 404 is shown. I don’t like hackers
knowing my site is runned by wordpress… What do you think?
* Thank you
* [http://wordpress.org/extend/plugins/bulletproof-security/](http://wordpress.org/extend/plugins/bulletproof-security/)
Viewing 15 replies - 1 through 15 (of 24 total)
1 [2](https://wordpress.org/support/topic/changing-wp-admin-url-path/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/changing-wp-admin-url-path/page/2/?output_format=md)
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [13 years ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3581777)
* Yes, it is possible, but why do you think that has any value at all? You cannot
hide anything from a Bot – that is just not possible to do. Hackers use automated
Bot programs to find whatever they want to find. They will always find whatever
they want to find. 😉
* The best website security method is – Action Approach.
* hacker X does bad action Y and the result is Z = Forbidden.
* PayPal and your online bank do not try and hide things – they use an Action Approach
to website security. 😉
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [13 years ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582043)
* resolving
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 11 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582164)
* Trying to hide things or changing URL’s is not a legitmate or effective security
measure – it never has been and it never will be. It is myth/misinformation that
has been spread all over the Internet. Does PayPal, eBay or any other reputable
website use hiding tactics – no because they are not real or effective security
measures.
* It is not possible to actually hide anything on the Internet. Automated spammer/
hacker bots can find anything and everything very easily.
* [cscottb](https://wordpress.org/support/users/cscottb/)
* (@cscottb)
* [12 years, 11 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582165)
* If you click on the above link, How to change wordpress admin url, you get a
Sorry … Page Not Found response. lol
* [heart2hack](https://wordpress.org/support/users/heart2hack/)
* (@heart2hack)
* [12 years, 11 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582171)
* [@aitpro](https://wordpress.org/support/users/aitpro/) : if you use plugin than
it will find security holes in your wordpress installation and fix it and tell
you where is the security hole or risk that hacker can get your website information
and hacked….
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 11 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582172)
* [@heart2hack](https://wordpress.org/support/users/heart2hack/) – you’re advertising
another plugin here that I don’t believe is a good plugin. If you want to advertise
that plugin then do it in that plugin’s forum area and not here. Thanks.
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 11 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582173)
* If you really want to do something like this then this plugin does this in a
much better way: [http://wordpress.org/extend/plugins/stealth-login-page/](http://wordpress.org/extend/plugins/stealth-login-page/)
* Note: The plugin author mentions that there are some issues with WP 3.6 that
he is trying to fix ASAP.
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 11 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582174)
* > if you use plugin than it will find security holes in your wordpress installation
> and fix it and tell you where is the security hole or risk that hacker can
> get your website information and hacked….
* I just do not want to have any part in spreading bad information around the Internet.
There is enough of that already to last for 1,000 years. 😉 Thanks.
* I think your tutorial is good by the way.
* [heart2hack](https://wordpress.org/support/users/heart2hack/)
* (@heart2hack)
* [12 years, 11 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582175)
* thanx btw! 🙂
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 8 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582190)
* It is frowned upon to modify/hack WP Core files directly. You can achieve the
exact same thing by using this function in your Theme’s functions.php file without
having to modify/hack the wp-login.php file directly.
* ```
// custom login link/page
function example_custom_login_page() {
if ( $_SERVER['HTTP_REFERER'] != 'http://' . $_SERVER["SERVER_NAME"] . '/workpath/' ) {
header( 'Location: http://' . $_SERVER["SERVER_NAME"] . '/' );
}
}
add_action('login_head', 'example_custom_login_page');
```
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 8 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582191)
* I played around with this and there is a much simpler way to do this all in this
one simple function below without having to muck around with anything else (create
unnecessary folders, redirects, pages, etc.).
* ```
// Simple Query String Login page protection
function example_simple_query_string_protection_for_login_page() {
$QS = '?mySecretString=foobar';
$theRequest = 'http://' . $_SERVER['SERVER_NAME'] . '/' . 'wp-login.php' . '?'. $_SERVER['QUERY_STRING'];
// these are for testing
// echo $theRequest . '
';
// echo site_url('/wp-login.php').$QS.'
';
if ( site_url('/wp-login.php').$QS == $theRequest ) {
echo 'Query string matches';
} else {
header( 'Location: http://' . $_SERVER['SERVER_NAME'] . '/' );
}
}
add_action('login_head', 'example_simple_query_string_protection_for_login_page');
```
* [kimosiris](https://wordpress.org/support/users/kimosiris/)
* (@kimosiris)
* [12 years, 8 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582192)
* Good stuff. If only I could have found that quick and easy method before. The
previous methods earlier in this thread are so complex and just would not work
for me. Thanks for the suggestion.
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 8 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582193)
* Yep, no problem. I was curious about this myself. We have several websites where
we need to allow folks to be able to login so we could not use this code on those
sites, but I am sure there are a lot of folks out there who do not want to allow
other folks to log into their sites – ie register to login to comment, etc. so
this code might be handy for them.
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 8 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582194)
* And another interesting approach would be to have some sort of auto-generated
image file similar to a CAPTCHA with “the secret query string” of the day displayed
in an image file that would not be found by automated hacker bots. The image
file would be displayed to humans so that they would have the query string login.
Of course the inconvenience factor is huge so this would most likely discourage
human visitors from registering to a site anyway.
* [kimosiris](https://wordpress.org/support/users/kimosiris/)
* (@kimosiris)
* [12 years, 8 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/#post-3582195)
* Yes a captcha would certainly be good for thwarting bot activity. I don’t require
frontend login right now but it is a fact that the modification will cause a
problem for frontend users.
* A benefit of hacking wp-login.php is when I switch themes the function is still
active, otherwise I will need to remember to place it in each theme’s function
file. Being made as a plugin would solve that though.
Viewing 15 replies - 1 through 15 (of 24 total)
1 [2](https://wordpress.org/support/topic/changing-wp-admin-url-path/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/changing-wp-admin-url-path/page/2/?output_format=md)
The topic ‘Changing /wp-admin url path’ is closed to new replies.
* 
* [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/)
* [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/)
* [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/)
* [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/)
* [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/)
## Tags
* [moving](https://wordpress.org/support/topic-tag/moving/)
* [wp-admin](https://wordpress.org/support/topic-tag/wp-admin/)
* 24 replies
* 7 participants
* Last reply from: [ChangeAgent](https://wordpress.org/support/users/changeagent/)
* Last activity: [12 years, 4 months ago](https://wordpress.org/support/topic/changing-wp-admin-url-path/page/2/#post-3582214)
* Status: resolved