↑ Return to Our Plugins

P11 Change Admin URL in WP

George Dorgan By
George Dorgan
My articles
Follow on:

Page no: P11

Page no: P11


Business Requirement

Very often it is forbidden to blog. It is not allowed to use internet too much. In order to protect the company, many employers block private email address.
Similarly to email providers, blog sites are particularly interesting because they also allow to upload company or client data. Administrators of the work infrastructure have the possibility to examine all content and all URLs, the whole history of internet activity.

What to do?

The solution is three-fold

  1. Bloggers should use HTTPS in order to prevent that the administrators can see his content and his password
  2. The standard login page should be moved. The example below shows how the WP Security plugin hides the login page.
  3. Hide a part of the URL that is typical for bloggers. This is the  “/wp-admin”
Hidden Login

Case 2: Hidden Login with All in One WP Security


Here we will show a proper way to change the whole admin url. In additional we use brute force protection and another login url. So currently we have a custom login url page and custom admin url.


How To Change The Admin URL

Step 1) Change the wp-config

Add new URLs into WP-Config

Add new URLs into WP-Config - Click to enlarge

First we need to change the wp-config adding two new lines of code:

define(‘WP_ADMIN_DIR’, ‘niko2’);


The first link tells that the admin dir is changed and the new is niko2 in our example. The second line of code tells the WP to change the path for the cookies.


Step 2) Adding filter in functions.php of the template

Making a changes in functions.php

Making a changes in functions.php - Click to enlarge

After that we need to change the Admin URL into the front-end URLs too. This must be done by functions.php into the template (or the child template). It also can be done creating a new plugin.

    add_filter(‘site_url’,  ‘wpadmin_filter’, 10, 3);

function wpadmin_filter( $url, $path, $orig_scheme ) {
$old  = array( “/(wp-admin)/”);
$admin_dir = WP_ADMIN_DIR;
$new  = array($admin_dir);
return preg_replace( $old, $new, $url, 1);

In our case we should put that code under themes/sahifa-child or themes/graphene-child. Here the code is standard and we don’t need to change anything like in Step 1)


Step 3) Making the url rewrite on the server

Changes in htaccess

Changes in htaccess - Click to enlarge

The last step is to make the server rewrite url via .htaccess. It is simple and can be done with this code.

RewriteRule ^niko2/(.*) wp-admin/$1?%{QUERY_STRING} [L]

Here we must to change niko2 to what we want. This code must be put on the top of the htaccess file.



Additional integration

We use this hack above and integrate it into WP Security and now both of them are working. The login URL is the same – niko, but after that we don’t redirect to wp-admin, we redirect to niko2. All the urls and queries are via niko2 and not wp-admin. I think there is no chance to recognized that it is wp-admin. The brute force and Ip protections are still working.




1. Hidden Login with All in One WP Security Hidden-Login
2. Change the wp-config changing-wpconfig
3. Adding filter in functions.php of the template changing-functionsphp
4. Making the url rewrite on the server changes-in-htaccess
See more for Plugins