To secure a WordPress website, changing the default login URL is, in my opinion, an essential step. Additionally, this was requested by a member of a group, so today I’m sharing a PHP code that helps you change the default WordPress login URL smoothly without using a plugin.
Advantages:
- No impact on website speed
- No need for plugins
- No direct modification of the
wp-login.phpfile, ensuring WordPress updates don’t affect the change”
Code to change the WordPress login URL
Please add the following code to the functions.php file of your child theme.”
// change the login URL for wp ohhmua.com
// define login URL.
define('PASSCODE','loginlink');
function mask_login_url(){
// redirect to login page when passcode is verified
if( !is_user_logged_in() && parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY) == PASSCODE ){
wp_safe_redirect( home_url('wp-login.php?'. PASSCODE .'&redirect=false') );
exit();
}
// redirect to dashboard if the user is logged in
if( is_user_logged_in() && parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY) == PASSCODE ){
wp_safe_redirect( home_url("wp-admin") );
exit();
}
}
add_action( 'init', 'mask_login_url');
function mask_login_redirects(){
if( isset($_POST['passcode']) && $_POST['passcode'] == PASSCODE) return false;
// redirect to dashboard when /wp-admin is accessed and the user is logged in
if ( (is_user_logged_in()) && (strpos($_SERVER['REQUEST_URI'], 'wp-admin') !== false)) {
wp_safe_redirect( home_url("wp-admin"), 302 );
exit();
}
// redirect to homepage when accessing /wp-admin or /wp-login and user is not logged in
if ( (!is_user_logged_in()) && ((strpos($_SERVER['REQUEST_URI'], 'wp-admin') !== false) || (strpos($_SERVER['REQUEST_URI'], 'wp-login') !== false)) && ( strpos($_SERVER['REQUEST_URI'], PASSCODE) === false ) ) {
wp_safe_redirect( home_url(), 302 );
exit();
}
// redirect to homepage after logout
if( strpos($_SERVER['REQUEST_URI'], 'action=logout') !== false ){
check_admin_referer( 'log-out' );
wp_logout();
wp_safe_redirect( home_url('?logged-out'), 302 );
exit();
}
}
add_action( 'login_init', 'mask_login_redirects', 1);
// Add hidden passcode field to the login form
function custom_login_hidden_field(){
echo '<input type="hidden" name="passcode" value="'. PASSCODE .'" />';
}
add_action('login_form', 'custom_login_hidden_field');
// change the login URL for wp ohhmua.com end
In the line define('PASSCODE','loginlink');, replace 'loginlink' with the login path you want.
After adding the code, your login URL will be as follows:https://yourwebsite.com/admin?loginlink or https://yourwebsite.com/wp-admin?loginlink, which means you just add ?loginlink.
Final note:
I have tested this code multiple times and it has successfully worked on my demo website, so you can use it with confidence. If you encounter any issues during the process, feel free to contact me.
Hi, I’m Nghia Vo: a computer hardware graduate, passionate PC hardware blogger, and entrepreneur with extensive hands-on experience building and upgrading computers for gaming, productivity, and business operations.
As the founder of Vonebuy.com, a verified ecommerce store under Vietnam’s Ministry of Industry and Trade, I combine my technical knowledge with real-world business applications to help users make confident decisions.
I specialize in no-nonsense guides on RAM overclocking, motherboard compatibility, SSD upgrades, and honest product reviews sharing everything I’ve tested and implemented for my customers and readers.
