WordPress is prone to attacks; brute force attacks, xmlrpc attacks, and attacks exploiting plugin and theme vulnerabilities. If you’re using WordPress it’s very likely that your WordPress site and login page is getting attacked hundreds if not thousands of times a day. It’s very easy for hackers and blackhat individuals to target WordPress because 1) they know the file structure and 2) it’s the most widely used CMS (Content Management System) in the world.
Most web hosting providers have security and monitoring in place behind the scenes to protect you from these sorts of attacks. Just because your web host has you covered doesn’t mean there are other ways to further protect your WordPress site. You can never be too careful protecting your WordPress site from attacks. In this article we’re going to show you how to create and change the WordPress login page without the use of a plugin. Remember, plugins add bloat to your site so avoiding the addition of another plugin is always recommended. This is a straightforward process which doesn’t take long that non-technical individuals can even accomplish.
You’ll need to access cPanel to follow the steps below. If do not know your cPanel information, you can refer to the Welcome email that was sent to you when you first signed up. If you forgot your cPanel password, you can change and update your cPanel password inside of your billing dashboard.
- Create a New Login File
- Copy Code from wp-login.php
- Find and Replace wp-login.php Text
- Delete the wp-login.php File
- Login Using Your New URL
1. Create a New Login File
WordPress is written using PHP. In order for WordPress to function out of the box it has many core files and directories. Your WordPress login page references a PHP file (wp-login.php) that allows you to access the /wp-admin/ or wp-login.php page to log into your WordPress dashboard. In short, the wp-login.php contains code that handles the process that enables you to log into your site.
To create a new login file you’ll need to access the File Manager inside of the control panel (cPanel). This will open a new browser tab opening the File Manager.
You’ll need to navigate to your public_html or the document root of your addon domain or subdomain. This is where your WordPress core files reside and where you’ll find the wp-login.php file.
Once you’ve navigated to the public_html or document root you’ll need to create a new PHP login file. You can name this file anything you want. In this example, we’re going to name ours ph-login.php. Click the + File link to create your file.
A popup will appear. Name your file with .php at the end of the name and click Create New File. You will see the file in your public_html or document root.
Next, you’ll need to edit that file with the contents of the wp-login.php.
2. Copy Code from wp-login.php
The original wp-login.php file should still be in your public_html or document root. Select that file and click edit to view the PHP code inside of that file.
Select all of the code (ctrl + a), copy the code (ctrl + c), and paste it (ctrl + v) into a text document on your computer. We recommend Notepad++, but any text editor will do (e.g., Notepad or Textpad). Do not use Microsoft Word because it may add additional spaces or characters to the code.
3. Find and Replace wp-login.php Text
After pasting the code into the text editor, select all of the code and press (ctrl + h). In most text editors this should trigger the find and replace feature. Fill the Find what with wp-login.php and Replace with with the new PHP login file name you created in the previous step.
Click the Replace All button and you should see (at the time of this writing) that there were 12 occurrences of wp-login.php in the code that was replaced with your new file name.
Copy the code from your text editor, edit your new PHP login file, and paste the code into that file. Click the Save Changes button in the upper right.
4. Delete the wp-login.php File
Now that you’ve saved the code into the new PHP login file you’ll want to delete the wp-login.php file. Right click the file and click the Delete from the drop down menu.
5. Login Using Your New URL
You can now access the new login page in your browser. If you attempt to go to the default yourdomain.com/wp-admin/ or yourdomain.com/wp-login.php pages you will be met with a File not found. message in your browser window.
If you access the new login URL you’ll be met with the WordPress login screen that you’re used to seeing. The only difference being the URL you use to access it with.
Now you’ve successfully changed the WordPress login URL without the use of a plugin.