Re-name Your WordPress Login Area

A file with a lock over it to symbolize security

A file with a lock over it to symbolize securityOne of the most common ways that people attack WordPress sites is via the wp-login.php file.

Hackers try a “brute force attack” where they simply go to your login page and try to login as many times as they can. They try to login to your site using a masterlist of common usernames and passwords.

Every time they access that login page it adds stress to your server. If they’re accessing the page multiple times per second, it can significantly slow or even crash your site.

In this video, Topher shows you how to solve this problem via a plugin called “Rename wp-login.php”.


  • Steve Burge

    Steve is the founder of OSTraining. Originally from the UK, he now lives in Sarasota in the USA. Steve's work straddles the line between teaching and web development.

0 0 votes
Blog Rating
Notify of
Newest Most Voted
Inline Feedbacks
View all comments

An alternate I can think about is actually using a “captcha” for your login as well as any other forms you may have on a site. Some of the captcha modules available on WordPress can even block an offending IP for a set length of time upon repeated failures.


This is awesome tip. I implement it immediately in one of my

WP sites ๐Ÿ™‚
Thanks you for all your great videos and contribution to


Yaeger Design

What about plugins that utilize the WordPress login page? Will they be directed to the new URL properly by this plugin?

Rick Lohre

Good question! I have a plugin that has problems with this when I turn off some plugins for theme compatibility testing and sometimes it ends up a mess.


Great tutorial ๐Ÿ™‚ I found an even more secure way which is to put the whole WordPress site into a subdirectory. This changes the login url as well as hiding everything else from those of ill intent – [url=]…[/url]


Excellent tutorial. i never even think of changing this but you have the point. ๐Ÿ˜‰

Dan Knauss

There are other ways to do this with and without plugins. The plugin recommended in this article is not maintained by the developer, so it might not be the best solution.

Would love your thoughts, please comment.x