Title: FEATURE REQUEST – Custom wp-admin.php naming Last modified: August 19, 2016 --- # FEATURE REQUEST – Custom wp-admin.php naming * Resolved [WordyPresser](https://wordpress.org/support/users/jeremyduffy/) * (@jeremyduffy) * [15 years, 1 month ago](https://wordpress.org/support/topic/feature-request-custom-wp-adminphp-naming/) * I’ve hidden the link to my administration page (the login button), but that doesn’t matter because the bad guys know to just load [http://www.mysite.com/wp-admin](http://www.mysite.com/wp-admin). What if we could specify in code somewhere or options a different, custom name for our administration page? Like maybe I call mine florby.php? * This would require that the code be altered to point to a variable instead of being hard-coded for wp-admin, but it’s not a terribly horrible request I figure. * Am I right in thinking this would make it just a little bit harder for evil-doers? Viewing 4 replies - 1 through 4 (of 4 total) * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [15 years, 1 month ago](https://wordpress.org/support/topic/feature-request-custom-wp-adminphp-naming/#post-2053425) * Yes, but not enough harder. Security through obscurity doesn’t help as much as it should, since at some point, you have to access the URL, and it can get scraped. * See [http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin](http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin) for better ways to protect your wp-admin section. * Thread Starter [WordyPresser](https://wordpress.org/support/users/jeremyduffy/) * (@jeremyduffy) * [15 years, 1 month ago](https://wordpress.org/support/topic/feature-request-custom-wp-adminphp-naming/#post-2053612) * Clearly this isn’t a foolproof option, but I believe it would significantly reduce the bad-guy’s ability to script their attacks. Either that or make the attacks more noticeable since they’d first have to find the administration page. * Even better, I could code my page to trap anyone or block them if they try to load wp-admin. * There are a lot of options so I’d like to see this implemented if possible. * But I hadn’t seen that link before so thanks for that 🙂 * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [15 years, 1 month ago](https://wordpress.org/support/topic/feature-request-custom-wp-adminphp-naming/#post-2053618) * The amount of work that would go into making that doable is not-insignificant, and the number of attacks it would prevent would be so small as to make the effort basically wasted. * [http://codex.wordpress.org/Hardening_WordPress#Security_through_obscurity](http://codex.wordpress.org/Hardening_WordPress#Security_through_obscurity) explains what you CAN do that way to make it a bit safer, but if I could find the link, I’d toss you to the one which explains why your theory, while sound, simply doesn’t work in the long run and is wasted effort. It IS a great idea, but it doesn’t consider the fact that most attacks are via bots, who know very well how to scan :/ * I’d suggest, instead of putting in that effort, to make sure of the following: * 1) My SERVER has good security – That if someone logs in as me, they can only screw up ME and not anyone else on the server. 2) My server has a good firewall. 3) That I’m using good file/folder permissions 4) I have a good password 5) I’m not doing something stupid (like the ONE time my server was hacked, I was on a non-virus protected Windows XP box, and I saw a weird pop-up. I KNEW I should use ssh/sftp but I didn’t. I was an idiot). * For plugins, try things like Login Lockdown and Bad Behavior to stop hack attempts. Also consider these: [http://www.wptavern.com/top-5-wordpress-security-tips-you-most-likely-dont-follow](http://www.wptavern.com/top-5-wordpress-security-tips-you-most-likely-dont-follow) * There’s a LOT you can do to make things safer, but moving wp-admin won’t help in the long run, since that’s generally NOT the point of attack anyway. * Thread Starter [WordyPresser](https://wordpress.org/support/users/jeremyduffy/) * (@jeremyduffy) * [15 years, 1 month ago](https://wordpress.org/support/topic/feature-request-custom-wp-adminphp-naming/#post-2053626) * Ipstenu: if you what you say is true that it would be difficult and not very useful, then nevermind. * I’ll check out the plugins too, but I sure wish I could SSL to my admin page 🙁 * My server charges extra for SSL certificates (but luckily not for secure FTP) Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘FEATURE REQUEST – Custom wp-admin.php naming’ is closed to new replies. ## Tags * [admin](https://wordpress.org/support/topic-tag/admin/) * In: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) * 4 replies * 2 participants * Last reply from: [WordyPresser](https://wordpress.org/support/users/jeremyduffy/) * Last activity: [15 years, 1 month ago](https://wordpress.org/support/topic/feature-request-custom-wp-adminphp-naming/#post-2053626) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics