Security Blog

How to rename wp-login.php

Protect your WordPress from brute-force attacks with Custom login page

WP Cerber lets you easily and safely change the default login page wp-login.php to whatever you want. In other words, you can set up your own custom login URL and hide wp-login.php from automated attacks. You don’t need to edit .htaccess file manually or rename your actual wp-login.php file. With WP Cerber you can do it in several clicks. It is safe.

  1. Go to the WP Cerber Main Settings admin page.
  2. Enter your new desired login URL into the Custom login URL field
  3. Check Block direct access to wp-login.php and return HTTP 404 Not Found Error
  4. Click Save settings. The plugin will send a new URL to the admin email.
  5. Bookmark your new Custom login URL. If you forget it, you will be unable to login.
  6. Done!
How to rename wp-login.php

How to rename wp-login.php


  • If you use a caching plugin like W3 Total Cache or WP Super Cache you have to add the slug of the new Custom login URL to the list of pages not to cache.
  • For WP multisite mode login URL will be changed for all sites globally.
  • Never rename wp-login.php file directly. After updating your WordPress to a new version, wp-login.php will be accessible for intruders again.

See also: How to hide wp-admin and wp-login.php from possible attacks

Last posts from WordPress security blog

I’m a self-employed developer who builds software products and services using WordPress for more that seven years. I enjoy partnering with others for interesting and challenging projects. If you’re interested in, feel free to contact me.

View Comments