How To Hide WordPress Admin URL

In last post we shared the trick to hide WordPress login URL using .htaccess file. This tutorial is bit different from the previous tutorial. In last tutorial we just redirected /login to /wp-login.php, but now we will change the WordPress admin URL /wp-admin/ to /admin-panel/. It’s not the redirection, we’ll completely change the default admin slug to admin-panel.

This is a must use trick if you’re working on a client website. In this way, it’d hard for people to identify if it’s a WordPress site. We can also restrict the access to /wp-admin/ URL. Let’s get started with the first stuff:

Hide WordPress Admin URL

[alert style=”red”]According to user feedback, this snippet doesn’t work anymore. Only use it if you know what you’re doing.[/alert]

Add following snippet to your WordPress’ wp-config.php file:

define('WP_ADMIN_DIR', 'admin-panel');
define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . WP_ADMIN_DIR);

Now, add following snippet to your current theme’s functions.php file:

add_filter('site_url',  'wpadmin_filter', 10, 3);
 function wpadmin_filter( $url, $path, $orig_scheme ) {
  $old  = array( "/(wp-admin)/");
  $admin_dir = WP_ADMIN_DIR;
  $new  = array($admin_dir);
  return preg_replace( $old, $new, $url, 1);
 }

Finally, add following snippet to your .htaccess file:

RewriteRule ^admin-panel/(.*) wp-admin/$1?%{QUERY_STRING} [L]

Now your admin URL will be like: http://www.yoursite.com/admin-panel/

Restrict wp-admin URLs:

The following code will redirect all /wp-admin/ URL requests to your 404.php error page. Add it on your theme’s functions.php file:

add_action('login_form','redirect_wp_admin');

function redirect_wp_admin(){
$redirect_to = $_SERVER['REQUEST_URI'];

if(count($_REQUEST)> 0 && array_key_exists('redirect_to', $_REQUEST)){
$redirect_to = $_REQUEST['redirect_to'];
$check_wp_admin = stristr($redirect_to, 'wp-admin');
if($check_wp_admin){
wp_safe_redirect( '404.php' );
}
}
}