How to Hide your WordPress Admin URL with iThemes Security

Hiding your WordPress login URL is an excellent way to vastly increase security of your site, especially from brute force attacks. In this article, we will show you how to effectively and easily change your WordPress admin URL with just a few clicks.

Hiding your WordPress Admin URL

  1. First, log into your WordPress admin dashboard.
  2. This article assumes that you aleady have iThemes Security installed and activated. If you do not, you may follow our article on installing iThemes Security.
  3. Within your WordPress admin, hover over Security on the left side menu, and click on Secttings.
  4. From here, scroll down to the section labeled Hide Login Area.
  5. To enable hiding of your WordPress admin, check the box labeled Hide Backend.
  6. After enabling the checkbox in the previous step, additional options will appear. In the Login Slug field, enter your new login location.
  7. There are various other options available here, but the defaults should be fine for the majority of sites. If you experience issues, you may need to change the Enable Theme Compatibility or Theme Compatibility Slug options. These options will not be covered here as the reasoning for changing them can greatly vary.
  8. Once your changes have been made, click Save All Changes.

Now that you have hidden your login URL with iThemes Security, your site login URL will be harder to locate, and thus make it more secure from brute force attacks. Note: Be sure to remember what you set in the Login Slug field as without it, you will not be able to log into your WordPress admin dashboard.

Thoughts on “How to Hide your WordPress Admin URL with iThemes Security

    • Thanks for your comment. This article is a little out of date. The section itself is now called “Hide Backend”. And from there, you can enable the Hide Backend feature.

  • Hi,


    I have tried to hide my admin url. Now on that hidden url I am getting 500(internal server error) due to missconfiguration but I really dont know what is going wrong in config)

    Would you please help me?

    • We need more information like what is your domain name. 500 errors are general in nature, and really just means the server doesn’t know what to do. Can you provide us the domain name?

  • ok, solved: it seems that itsec plugin has not written anything in my htaccess file…

    with manual edit the old address is now correctly unreachable.

  • Hi, I’ve a strange issue.

    My changed login slut is, for example, /fabio, where fabio is also my nickname for the admin account.

    Now, because of some brute force attacks, I decided to change /fabio in, for example /fabionew. So I saved correctly.

    Now I see the login mask in …./fabio AND in …./fabionew

    Why? I don’t want /fabio anymore…how can I hide the old slug?

  • Hi, thanks for the article. Does my .htaccess file need to have a certain CHMOD value for it to be able to work? It’s currently set to 644. Is that enough permission for iThemes to write to it?

    • Hello Adeola,

      iThemes Security is a third party plugin that my have updated and changed from the version that is being listed in this article. Our apologies if there is any confusion. Please reference the iThemes Security documentation for specific directions if you are unable to use the directions above for your current installation.

      If you have any further questions or comments, please let us know.

      Arnel C.

  • “Step 6. After enabling the checkbox in the previous step, additional options will appear. In the Login Slugfield, enter your new login location.”    How does one know where to locate the new login?

Was this article helpful? Let us know!