Cybersecurity

Change WordPress Login URL to Something Hackers Can't Guess

Ferdy Korpershoek
Ferdy KorpershoekMay 11, 2026

Why It Matters

Masking the WordPress login page thwarts many automated attacks, buying administrators time to implement deeper security controls.

Key Takeaways

  • Hiding wp-admin URL reduces automated brute‑force attacks significantly.
  • Use WP Hide Login plugin; over 2 million installs.
  • Change login slug to custom, e.g., “walterwhite”, then old URLs break.
  • Plugin settings are simple: install, activate, set new slug, save.
  • Additional hardening steps still needed beyond login URL change.

Summary

The video walks viewers through a quick method to obscure the default WordPress login endpoint, recommending the free WP Hide Login plugin as a first‑line defense against credential‑stuffing bots.

The presenter notes that AI‑driven attacks have surged, citing a 1,200 % rise in attempts over the past year, and points out the plugin’s popularity—over two million active installations and recent updates—making it a trusted choice.

Using a live site (webdevine.com) he demonstrates changing the slug from “wp‑admin” to a custom string like “WalterWhite”, showing that the original URLs return 404 while the new path grants access.

While obscuring the login URL adds a layer of security and can deter automated scans, the host reminds viewers that comprehensive hardening—firewalls, strong passwords, and regular updates—remains essential.

Original Description

With the rise of AI, WordPress websites are becoming more vulnerable than ever before. In this quick WordPress security tutorial, I’ll show you how to hide your default wp-admin and wp-login.php page to make your website more secure.
By default, anyone can find your WordPress login page just by typing /wp-admin. In this tutorial, we’ll change that URL using the free WPS Hide Login plugin.
In this tutorial you’ll learn:
✅ Why hiding your login URL improves security
✅ How to install WPS Hide Login
✅ How to change your wp-admin URL
✅ How to block access to wp-login.php
✅ A simple extra layer of WordPress protection
Plugin used:
WPS Hide Login
If you want to take WordPress security even further, check out my upcoming tutorial about malware scanning, firewalls, brute force protection and more.

Comments

Want to join the conversation?

Loading comments...