Create Personal WordPress Login Page To Strengthen Your WordPress

23
55

WordPress Login page has been known by all of WordPress users. People are easily get access to the wp-login.php by typing /wp-login.php next to each web address they found in the internet. Many WordPress security plugins have been built to help WordPress users improve their site security such as AskApache Password Protect, Admin SSL, WP Security Scan etc.

Nevertheless, it still remains WordPress login page as wp-login.php. Here, I would like to share really simple steps help you improving your WordPress Login page security by changing wp-login.php to your personal login page. No advanced knowledge is needed. Anyone can do this manually.

If you like this article, you might be interested in some of our other articles on WordPress Plugins That Power A-Lists Blogs, Things To Do After Installing WordPress, Why Use Premium WordPress Themes , and Translation Plugins For WordPress

Tutorial Details

  • Program: WordPress
  • Version : 3.3.1
  • Categories: Security
  • Difficulty: Easy
  • Estimated Completion Time: 10-15 minutes
  • Tools: Notepad++

Step 1 Check Up Your WordPress Login Page

Go to your WordPress login page. It should be yoursite.com/wp-login.php. Before we start doing this changing, it would be better if you back up your WordPress site.

Create Personal WordPress Login Page

Step 2 Go to Your WordPress Folder

Here we are. Go to your WordPress folder find wp-login.php then rename it as you like it. Change the name into whatever you want. In order to make it clear, I change the wp-login.php into up_to_you.php

ftp wordpress folder

Step 3 Edit Your New Login Page with Notepad++

Open the up_to_you.php (your new login page name) with notepad. Use find and replace command to find wp-login.php. Afterwards, you should replace it with up_to_you.php.

motepad++

Step 4 Double Check

Check your code by down scanning to your up_to_you.php . There should be 13 changes if you done it correctly, then click save.

notrepad++ replace

Step 5 Try Login with Usual WordPress Login Page

Try login to your WordPress site using wp-login.php. You will find the 404 error page that wp-login.php page was not found on your server. So, where it is?

404 not found

Step 6 Try to Login with Your New WordPress Login Page

In this step, we use our new login page namely up_to_you.php. Type it on your WordPress web address and hit enter. You will find it below. Yes, our wp-login.php has changed into up_to_you.php. Who knows? Please make sure that you can login to your admin dashboard through your new login page.

new WordPress Login Page

Step 7 Try to Logout from your WordPress dashboard

We have succeeded login to our WordPress admin dashboard through our new login page. Then, we have to try to logout from admin dashboard to test it work correctly. Click logout and you will find this.

404 logout page

Yes, we cannot logout correctly. We still have wp-login.php while logging out from admin dashboard. We have to change it to up_to_you.php to get it work correctly.

Step 8 Edit Your general-template.php

Go to your WordPress folder, enter the wp-includes folder, and find general-template.php

general template

Step 9 Find and replace wp-login.php

Again, we use notepad++ to find and replace wp-login.php into up_to_you.php. There should be 5 replacements. Last, save it.

replace all

replaced all

Step 10 Try Login and Logout again

We can see from the picture below that yoursite.com/wp-login.php?action=logout&_wpnonce has changed to yoursite.com/up_to_you.php?action=logout&_wpnonce

wordpress logout

Step 11 Final Result

Click logout and we logout successfully

WordPress logged out

Important Notes

  1. Please keep in mind that WordPress always update their platform into newer version periodically. Therefore, you have to restore those two PHP files namely wp-login.php and general-template.php into standard form before updating. Again, you can personalize your login page after updating.
  2. It would be better for you to Disable Directory Browsing and edit your .htaccess.
  3. You can change wp-login.php which is found in the wp-blog-header.php not in the general-template.php for lower WordPress version.
  4. You can do all of those steps in your local server (wamp/xampp) and your online WordPress site through filemanager in your Cpanel.
Nisha is the head blogger for Slodive.com. She loves tattoos and inspirational quotes. Check her out on google plus https://plus.google.com/u/0/116437517919411097994.

23 COMMENTS

  1. Great tutorial. This small security feature can prevent websites from being hacked. There are many tutorials available to modify the login page and so on, but from the security perspective, having a differently named login page minimizes on the risk. Thanks for covering this topic.

  2. That is a perfect solution for me to remove unnecessary access of my admin login page. I am going to use this feature and remove other login redirection plugins. Thanks

  3. Nice Post. This is really helpful. I bookmarked it for reference. I might convert my blog to wordpress and this kind of tutorial will be helpful for me.

  4. Very nice tutorial.I’ve been following v0x’s post since some days. He really posts nice. This tutorial is helpful, and will protect sites from spammers and hackers.

    Step by step on time we’ll be able to fully prevent our sites from being hacked!

    • @Sinbad Konick…correct Sinbad…providing .htaccess and other security plugins will improve your WordPress blog’s security meanwhile…I would rather do plugin audit before installing them to my blog…

    • @saad..I’d clarify your question first..Do you mean “wp-admin” to”wp-login”?correct?
      Above written experiment by far just simple steps you can tweak your wordpress login page manually…There are more options securing “wp-admin”, one prevention that you can create is by providing “.htaccess” files in your wp-admin directory (*this can be applied correctly when your internet connections using a static IP not the dynamic IP while accessing your WordPress admin)

    • Your welcome @Satya…don’t forget to add IP protection in your wp-admin directory using written code in PHP. It is the best option than adding .htaccess files…

  5. Great and useful article!

    I tried the above tip and it works great although I have a problem.
    If I type: http://www.mywebsite.com/wp-admin

    It do a redirect to my new login page and opens the new login page (for example “up_to_you.php”

    Cannot figure out what and where I added or modified code so that it does that :-(

    THANK YOU for any advise

  6. Nice tutorial but I think there are some plugins available to do this work easily and directly from your wordpress dashboard.

LEAVE A REPLY

Please enter your comment!
Please enter your name here