To secure a WordPress website, changing the default login URL is, in my opinion, an essential step. Additionally, this was requested by a member of a group, so today I’m sharing a PHP code that helps you change the default WordPress login URL smoothly without using a plugin.
Advantages:
- No impact on website speed
- No need for plugins
- No direct modification of the
wp-login.php
file, ensuring WordPress updates don’t affect the change”
Code to change the WordPress login URL
Please add the following code to the functions.php
file of your child theme.”
// change the login URL for wp ohhmua.com
// define login URL.
define('PASSCODE','loginlink');
function mask_login_url(){
// redirect to login page when passcode is verified
if( !is_user_logged_in() && parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY) == PASSCODE ){
wp_safe_redirect( home_url('wp-login.php?'. PASSCODE .'&redirect=false') );
exit();
}
// redirect to dashboard if the user is logged in
if( is_user_logged_in() && parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY) == PASSCODE ){
wp_safe_redirect( home_url("wp-admin") );
exit();
}
}
add_action( 'init', 'mask_login_url');
function mask_login_redirects(){
if( isset($_POST['passcode']) && $_POST['passcode'] == PASSCODE) return false;
// redirect to dashboard when /wp-admin is accessed and the user is logged in
if ( (is_user_logged_in()) && (strpos($_SERVER['REQUEST_URI'], 'wp-admin') !== false)) {
wp_safe_redirect( home_url("wp-admin"), 302 );
exit();
}
// redirect to homepage when accessing /wp-admin or /wp-login and user is not logged in
if ( (!is_user_logged_in()) && ((strpos($_SERVER['REQUEST_URI'], 'wp-admin') !== false) || (strpos($_SERVER['REQUEST_URI'], 'wp-login') !== false)) && ( strpos($_SERVER['REQUEST_URI'], PASSCODE) === false ) ) {
wp_safe_redirect( home_url(), 302 );
exit();
}
// redirect to homepage after logout
if( strpos($_SERVER['REQUEST_URI'], 'action=logout') !== false ){
check_admin_referer( 'log-out' );
wp_logout();
wp_safe_redirect( home_url('?logged-out'), 302 );
exit();
}
}
add_action( 'login_init', 'mask_login_redirects', 1);
// Add hidden passcode field to the login form
function custom_login_hidden_field(){
echo '<input type="hidden" name="passcode" value="'. PASSCODE .'" />';
}
add_action('login_form', 'custom_login_hidden_field');
// change the login URL for wp ohhmua.com end
In the line define('PASSCODE','loginlink');
, replace 'loginlink'
with the login path you want.
After adding the code, your login URL will be as follows:https://yourwebsite.com/admin?loginlink
or https://yourwebsite.com/wp-admin?loginlink
, which means you just add ?loginlink
.
Final note:
I have tested this code multiple times and it has successfully worked on my demo website, so you can use it with confidence. If you encounter any issues during the process, feel free to contact me.