Create Personal WordPress Login Page To Strengthen Your WordPress

WordPress Login page has been known by all of WordPress users. People are easily get access to the wp-login.php by typing /wp-login.php next to each web address they found in the internet. Many WordPress security plugins have been built to help WordPress users improve their site security such as AskApache Password Protect, Admin SSL, WP Security Scan etc.

Nevertheless, it still remains WordPress login page as wp-login.php. Here, I would like to share really simple steps help you improving your WordPress Login page security by changing wp-login.php to your personal login page. No advanced knowledge is needed. Anyone can do this manually.

If you like this article, you might be interested in some of our other articles on WordPress Plugins That Power A-Lists Blogs, Things To Do After Installing WordPress, Why Use Premium WordPress Themes , and Translation Plugins For WordPress

Tutorial Details

  • Program: WordPress
  • Version : 3.3.1
  • Categories: Security
  • Difficulty: Easy
  • Estimated Completion Time: 10-15 minutes
  • Tools: Notepad++

Step 1 Check Up Your WordPress Login Page

Go to your WordPress login page. It should be yoursite.com/wp-login.php. Before we start doing this changing, it would be better if you back up your WordPress site.

Create Personal WordPress Login Page

Step 2 Go to Your WordPress Folder

Here we are. Go to your WordPress folder find wp-login.php then rename it as you like it. Change the name into whatever you want. In order to make it clear, I change the wp-login.php into up_to_you.php

ftp wordpress folder

Step 3 Edit Your New Login Page with Notepad++

Open the up_to_you.php (your new login page name) with notepad. Use find and replace command to find wp-login.php. Afterwards, you should replace it with up_to_you.php.

motepad++

Step 4 Double Check

Check your code by down scanning to your up_to_you.php . There should be 13 changes if you done it correctly, then click save.

notrepad++ replace

Step 5 Try Login with Usual WordPress Login Page

Try login to your WordPress site using wp-login.php. You will find the 404 error page that wp-login.php page was not found on your server. So, where it is?

404 not found

Step 6 Try to Login with Your New WordPress Login Page

In this step, we use our new login page namely up_to_you.php. Type it on your WordPress web address and hit enter. You will find it below. Yes, our wp-login.php has changed into up_to_you.php. Who knows? Please make sure that you can login to your admin dashboard through your new login page.

new WordPress Login Page

Step 7 Try to Logout from your WordPress dashboard

We have succeeded login to our WordPress admin dashboard through our new login page. Then, we have to try to logout from admin dashboard to test it work correctly. Click logout and you will find this.

404 logout page

Yes, we cannot logout correctly. We still have wp-login.php while logging out from admin dashboard. We have to change it to up_to_you.php to get it work correctly.

Step 8 Edit Your general-template.php

Go to your WordPress folder, enter the wp-includes folder, and find general-template.php

general template

Step 9 Find and replace wp-login.php

Again, we use notepad++ to find and replace wp-login.php into up_to_you.php. There should be 5 replacements. Last, save it.

replace all

replaced all

Step 10 Try Login and Logout again

We can see from the picture below that yoursite.com/wp-login.php?action=logout&_wpnonce has changed to yoursite.com/up_to_you.php?action=logout&_wpnonce

wordpress logout

Step 11 Final Result

Click logout and we logout successfully

WordPress logged out

Important Notes

  1. Please keep in mind that WordPress always update their platform into newer version periodically. Therefore, you have to restore those two PHP files namely wp-login.php and general-template.php into standard form before updating. Again, you can personalize your login page after updating.
  2. It would be better for you to Disable Directory Browsing and edit your .htaccess.
  3. You can change wp-login.php which is found in the wp-blog-header.php not in the general-template.php for lower WordPress version.
  4. You can do all of those steps in your local server (wamp/xampp) and your online WordPress site through filemanager in your Cpanel.
Sharing is Caring
  • Zeeshan

    Great tutorial. This small security feature can prevent websites from being hacked. There are many tutorials available to modify the login page and so on, but from the security perspective, having a differently named login page minimizes on the risk. Thanks for covering this topic.

  • http://victoriapod.com Joseph

    This simple trick can save a day of bad guys.

  • Alok

    That is a perfect solution for me to remove unnecessary access of my admin login page. I am going to use this feature and remove other login redirection plugins. Thanks

  • Manuel Garcia

    Nice Post. This is really helpful. I bookmarked it for reference. I might convert my blog to wordpress and this kind of tutorial will be helpful for me.

  • http://www.crackingzilla.net SirDarknight

    Very nice tutorial.I’ve been following v0x’s post since some days. He really posts nice. This tutorial is helpful, and will protect sites from spammers and hackers.

    Step by step on time we’ll be able to fully prevent our sites from being hacked!

  • http://www.geekandblogger.com Pavan Somu

    This is something that we can keep a tough security to the WordPress blog. Great tutorial for every wp user.

  • http://linuxthebest.com Sinbad Konick

    That’s nice article …and it will help you to make your wordpress site’s privacy more powerful..

  • http://linuxthebest.com Sinbad Konick

    Another thing to mention you can use htc.access and some special plugin which will help you also..and keep the spam out of your site..

    • v0x

      @Sinbad Konick…correct Sinbad…providing .htaccess and other security plugins will improve your WordPress blog’s security meanwhile…I would rather do plugin audit before installing them to my blog…

  • http://techankit.com/ ankit

    awesome post …this tutorial may come handy in protecting your blog from hackers…

  • Jai

    Nice tutorial. It’s really hard for me to install wordpress. Not good at PHP though.

  • http://www.jaffablog.com Lavi

    Really a nice tutorial to protect WordPress blogs.. Thanks for the useful tutorial

  • http://www.blogged.jimdo.com Ben Stuart

    Thanks for this, I plan on changing from WordPress.com for my blog to WordPress.org so I can use this tutorial when I do.

  • SAAD

    Nice. What is your solution for wp-admin redirection to wp-admin page?

    • v0x

      @saad..I’d clarify your question first..Do you mean “wp-admin” to”wp-login”?correct?
      Above written experiment by far just simple steps you can tweak your wordpress login page manually…There are more options securing “wp-admin”, one prevention that you can create is by providing “.htaccess” files in your wp-admin directory (*this can be applied correctly when your internet connections using a static IP not the dynamic IP while accessing your WordPress admin)

  • http://syconet.blogspot.com/ Syconet

    Hey great one. I was looking for it. I will also change my wordpress login page now.

  • http://www.satyathakur.com Satya Thakur

    I had already changed the login page url earlier, but forget to change for the logout page. Now it works fine. Thanks.

    • v0x

      Your welcome @Satya…don’t forget to add IP protection in your wp-admin directory using written code in PHP. It is the best option than adding .htaccess files…

  • MagicGeek

    Great and useful article!

    I tried the above tip and it works great although I have a problem.
    If I type: http://www.mywebsite.com/wp-admin

    It do a redirect to my new login page and opens the new login page (for example “up_to_you.php”

    Cannot figure out what and where I added or modified code so that it does that :-(

    THANK YOU for any advise

  • Prabha

    Wow by making a personal login page i strengthen the wordpress security i didn’t know that. i love this post.

  • http://www.smartbloggertricks.com Tarun Jaitely

    Good tutorial to make wordpress more secure and safe.
    Thanks for sharing this :)

  • https://www.facebook.com/nikhil.sharma.982845 Nikhil Sharma

    Good Info. I do follow these steps except for the core files move. Now I will. Thanks.

  • Kuldeep

    Nice tutorial but I think there are some plugins available to do this work easily and directly from your wordpress dashboard.