How To Change WP-Admin URLs

Discover how Hide My WordPress Ghost helps you have a secure website!

Your site’s wp-admin page is certainly one of the most vulnerable pages on your website.

Protecting the WordPress admin area from unauthorized access allows you to block many common security threats.

In the following lines, you will learn how to protect your WordPress admin area from hackers.

What is the wp-admin login URL?

The WordPress admin page URL (or ‘login URL’) is the web address you visit when you want to access the backend of your website.

If you are looking to do some administrative tasks on your website, it is easily possible to do so via:

So, this represents an entry point to your site. 

Unfortunately, hackers also know this and often use the /wp-admin path as an attack point where they deploy hacking attempts via brute force methods.

How secure is WordPress admin?

Brute force attacks are a common type of hacking attempts which mainly consists of repeatedly guessing username and password combinations until the right login credentials are obtained. 

There are various methodologies which hackers use, but more often than not, attackers get into websites and accounts the same way anyone else does – by somehow obtaining access to the login credentials of an account on your site.

Why is it important to secure your wp-admin?

There are many different reasons why hackers may choose to target your WordPress site. 

We’ve listed some common examples of potential reasons to give you a better idea as to why your site may be targeted:

  • Inject Malicious Content 
  • Steal Money

  • Steal Visitors’ Personal Information

  • Spread Viruses

  • Steal Private Business Information 

  • Use Your Web Server to Host Phishing Pages

  • Steal Your Server Bandwidth

  • Overload Your Web Server

  • Vandalize Your Website

  • For Fun or to Get Attention

  • Disrupt Service


The moment hackers realize that your site is a WordPress site, they will automatically know your WP-Admin path. 

It is also common knowledge that WordPress creates an “admin” username by default.

Armed with this knowledge, a hacker has ⅔ of everything required for login. All they have to do now is guess your password. 

Hackers do not know if you have a more complex username and password combination. So, they may continue trying their luck for long periods of time.

This process puts a strain on your server resources and places your site at risk of being shut down.


how do you change the wp-admin path?

How to change your wp-admin URL

using the Hide My WP Ghost Plugin

Security tip! Do not use words like: login, logon, admin or backend for the login URL.

If you use Hide my WP Ghost for protecting your website, you can hide the login page and the wp-admin page and change them. Simply follow these steps:

      1. Log in to your Hide My WP Ghost Dashboard.
      2. Go to Hide My WP > Change Paths >Admin Security.
      3. Change the “Custom Admin Path” from /wp-admin/ to newadmin (just an example, you can change it to whatever you want).
      4. Click to save the new settings and follow the re-login instructions.
      5. This key setting is available even on the free plan!

Important!  The path will not be physically changed on your server. You will be redirected to the new admin path every time you log in to /wp-admin.

There is a simple yet effective manual process that allows you to change your /wp-admin URL, and it can help keep potential attackers at bay. This manual process is different based on server type. 

Unique URLs are much more difficult to guess and are, therefore, less likely to be targeted. However, this manual process may not be the best strategy.

You can choose to change the /wp-admin manually, but there are certain risks associated with this:

    • Every time you update WordPress, it will re-create the login page file. This means you’ll need to change the URL all over again.
    • Manually changing your login page URL can create errors with your logout screen, and cause other issues related to important site functionality.
    • It can also affect website functionality, as many plugins and themes don’t work if your physical paths are changed.

What Can You Do to Tighten Security &
how can Hide My WP Ghost help you?

If you look at a page’s source code, you can see things like:

/wp-content/themes/style.css, /wp-content/plugins/,  /wp-content/themes/,  /wp-admin/wp-install.php, /wp-content/upload/, /xml-rpc.php etc.


All these URLs are vulnerable to hackers and hiding them is important as well. 

Hackers don’t just access the /wp-admin and /wp-login.php paths to hack your website. 

All the vulnerable paths, including the ones from the installed plugins, can provide a way in for hackers, allowing them to infect your entire website with viruses.

Hide My WordPress Ghost is an easy-to-use product designed to provide you with the best protection against hackers. When you start using this plugin, you will be able to hide the fact that you are using WordPress on your site.

Being able to disguise the common paths is critical, as you get to keep intruders away from sensitive website data. 

This is crucial, and it will provide you really good results in the long term. It will surely be worth it, not to mention that hiding the common paths will make hacking a lot harder as well.

The Hide My WP Ghost Plugin
helps you hide & change all common paths ​


The paths will not be physically changed on your server. You will be redirected to the new path you’ve created.

Start Protecting Your WP Website Today

With the Most USER-FRIENDLY WordPress Security Plugin

Don’t let hackers know that you are using WordPress. 

Play Video

Hide My WP Ghost > More Benefits

Limit the number of login attempts

IP addresses

IP addresses

Password Protect
wp-admin Directory

Protect your

Identify Failed
Login Attempts

Most sites get hacked due to entirely preventable issues

Hide My WP Ghost offers a complete security workflow for any WordPress website owner.