Skip to content

How To Hide WordPress Admin URL

In last post we shared the trick to hide WordPress login URL using .htaccess file. This tutorial is bit different from the previous tutorial. In last tutorial we just redirected /login to /wp-login.php, but now we will change the WordPress admin URL /wp-admin/ to /admin-panel/. It’s not the redirection, we’ll completely change the default admin slug to admin-panel.

This is a must use trick if you’re working on a client website. In this way, it’d hard for people to identify if it’s a WordPress site. We can also restrict the access to /wp-admin/ URL. Let’s get started with the first stuff:

Hide WordPress Admin URL

[alert style=”red”]According to user feedback, this snippet doesn’t work anymore. Only use it if you know what you’re doing.[/alert]

Add following snippet to your WordPress’ wp-config.php file:

define('WP_ADMIN_DIR', 'admin-panel');
define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . WP_ADMIN_DIR);

Now, add following snippet to your current theme’s functions.php file:

add_filter('site_url',  'wpadmin_filter', 10, 3);
 function wpadmin_filter( $url, $path, $orig_scheme ) {
  $old  = array( "/(wp-admin)/");
  $admin_dir = WP_ADMIN_DIR;
  $new  = array($admin_dir);
  return preg_replace( $old, $new, $url, 1);
 }

Finally, add following snippet to your .htaccess file:

RewriteRule ^admin-panel/(.*) wp-admin/$1?%{QUERY_STRING} [L]

Now your admin URL will be like: http://www.yoursite.com/admin-panel/

Restrict wp-admin URLs:

The following code will redirect all /wp-admin/ URL requests to your 404.php error page. Add it on your theme’s functions.php file:

add_action('login_form','redirect_wp_admin');

function redirect_wp_admin(){
$redirect_to = $_SERVER['REQUEST_URI'];

if(count($_REQUEST)> 0 && array_key_exists('redirect_to', $_REQUEST)){
$redirect_to = $_REQUEST['redirect_to'];
$check_wp_admin = stristr($redirect_to, 'wp-admin');
if($check_wp_admin){
wp_safe_redirect( '404.php' );
}
}
}

16 thoughts on “How To Hide WordPress Admin URL”

  1. Dark Ard デイダラ

    For .htaccess, should be:

    RewriteRule ^admin-panel(.*) wp-admin/$1?%{QUERY_STRING} [L]

    remove / from ^admin-panel/(.*)

    :)

    Thanks,

    1. when im opening my wp-admin it is opening the login page but an error is howing under the password
      “Warning: Cannot modify header information – headers already sent by (output started at /home/madnessf/public_html/wp-login.php:61) in /home/madnessf/public_html/wp-includes/pluggable.php on line 1121”
      so can u please tell me hoe it can completely be moved to 404.php page

  2. Good day Hardeep Asrani,

    I’m having problem with the code you share.

    Here is the link of my website where i put you code http://www.101pinoy.info/

    And also i notice that when i use the websitelink/wp-login.php i can still open my dashboard

    Thanks in advance :)

    1. It worked when I wrote the article, but now it’s not working. I guess I need to put a “Not Working” or something like that tag on this article. And the fact that I’m approving your comment proves that it worked back then :)

  3. Hello there, i just found this and I was dissapointed that it stopped working. But i managed to get it working again, by accident :)

    You just have to add this line in .htaccess:

    RewriteRule ^admin/?$ /wp-login.php [QSA,L]

    It worked for me on 4.3.1 version. Good luck!

  4. Nice trick. But you know that wordpress is always updating.
    Once it updated, those wp-config.php and functions.php would be rewrited by the new one.

    So it will be better to do that trick in theme or plugin level.

    IMHO.

Leave a Reply

Your email address will not be published. Required fields are marked *