WordPress Login page has been known by all of WordPress users. People are easily get access to thewp-login.php by typing /wp-login.php next to each web address they found in the internet. Many WordPress security plugins have been built to help WordPress users improve their site security such asAskApache Password Protect, Admin SSL, WP Security Scan etc.
Nevertheless, it still remains WordPress login page as wp-login.php. Here, I would like to share really simple steps help you improving your WordPress Login page security by changing wp-login.php to your personal login page. No advanced knowledge is needed. Anyone can do this manually.
- Program: WordPress
- Version : 3.3.1
- Categories: Security
- Difficulty: Easy
- Estimated Completion Time: 10-15 minutes
- Tools: Notepad++
Step 1 Check Up Your WordPress Login Page
Go to your WordPress login page. It should be yoursite.com/wp-login.php. Before we start doing this changing, it would be better if you back up your WordPress site.
Step 2 Go to Your WordPress Folder
Here we are. Go to your WordPress folder find wp-login.php then rename it as you like it. Change the name into whatever you want. In order to make it clear, I change the wp-login.php into up_to_you.php
Step 3 Edit Your New Login Page with Notepad++
Open the up_to_you.php (your new login page name) with notepad. Use find and replace command to find wp-login.php. Afterwards, you should replace it with up_to_you.php.
Step 4 Double Check
Check your code by down scanning to your up_to_you.php . There should be 13 changes if you done it correctly, then click save.
Step 5 Try Login with Usual WordPress Login Page
Try login to your WordPress site using wp-login.php. You will find the 404 error page that wp-login.php page was not found on your server. So, where it is?
Step 6 Try to Login with Your New WordPress Login Page
In this step, we use our new login page namely up_to_you.php. Type it on your WordPress web address and hit enter. You will find it below. Yes, our wp-login.php has changed into up_to_you.php. Who knows? Please make sure that you can login to your admin dashboard through your new login page.
Step 7 Try to Logout from your WordPress dashboard
We have succeeded login to our WordPress admin dashboard through our new login page. Then, we have to try to logout from admin dashboard to test it work correctly. Click logout and you will find this.
Yes, we cannot logout correctly. We still have wp-login.php while logging out from admin dashboard. We have to change it to up_to_you.php to get it work correctly.
Step 8 Edit Your general-template.php
Go to your WordPress folder, enter the wp-includes folder, and find general-template.php
Step 9 Find and replace wp-login.php
Again, we use notepad++ to find and replace wp-login.php into up_to_you.php. There should be 5 replacements. Last, save it.
Step 10 Try Login and Logout again
We can see from the picture below that yoursite.com/wp-login.php?action=logout&_wpnonce has changed to yoursite.com/up_to_you.php?action=logout&_wpnonce
Step 11 Final Result
Click logout and we logout successfully
- Please keep in mind that WordPress always update their platform into newer version periodically. Therefore, you have to restore those two PHP files namely wp-login.php and general-template.php into standard form before updating. Again, you can personalize your login page after updating.
- It would be better for you to Disable Directory Browsing and edit your .htaccess.
- You can change wp-login.php which is found in the wp-blog-header.php not in the general-template.php for lower WordPress version.
- You can do all of those steps in your local server (wamp/xampp) and your online WordPress site through filemanager in your Cpanel.
Credits : v0x on slodive[dot]com