In last post we shared the trick to hide WordPress login URL using .htaccess file. This tutorial is bit different from the previous tutorial. In last tutorial we just redirected /login to /wp-login.php, but now we will change the WordPress admin URL /wp-admin/ to /admin-panel/. It’s not the redirection, we’ll completely change the default admin slug to admin-panel.
This is a must use trick if you’re working on a client website. In this way, it’d hard for people to identify if it’s a WordPress site. We can also restrict the access to /wp-admin/ URL. Let’s get started with the first stuff:
Hide WordPress Admin URL
[alert style=”red”]According to user feedback, this snippet doesn’t work anymore. Only use it if you know what you’re doing.[/alert]
Add following snippet to your WordPress’ wp-config.php file:
define('WP_ADMIN_DIR', 'admin-panel'); define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . WP_ADMIN_DIR);
Now, add following snippet to your current theme’s functions.php file:
add_filter('site_url', 'wpadmin_filter', 10, 3); function wpadmin_filter( $url, $path, $orig_scheme ) { $old = array( "/(wp-admin)/"); $admin_dir = WP_ADMIN_DIR; $new = array($admin_dir); return preg_replace( $old, $new, $url, 1); }
Finally, add following snippet to your .htaccess file:
RewriteRule ^admin-panel/(.*) wp-admin/$1?%{QUERY_STRING} [L]
Now your admin URL will be like: http://www.yoursite.com/admin-panel/
Restrict wp-admin URLs:
The following code will redirect all /wp-admin/ URL requests to your 404.php error page. Add it on your theme’s functions.php file:
add_action('login_form','redirect_wp_admin'); function redirect_wp_admin(){ $redirect_to = $_SERVER['REQUEST_URI']; if(count($_REQUEST)> 0 && array_key_exists('redirect_to', $_REQUEST)){ $redirect_to = $_REQUEST['redirect_to']; $check_wp_admin = stristr($redirect_to, 'wp-admin'); if($check_wp_admin){ wp_safe_redirect( '404.php' ); } } }