How to Hide your WordPress Admin URL with iThemes Security

Hiding your WordPress login URL is an excellent way to vastly increase the security of your site, especially from brute force attacks. In this article, we will show you how to effectively and easily change your WordPress admin URL with just a few clicks.

Hiding your WordPress Admin URL

  1. First, log in to your WordPress admin dashboard.
  2. You will need to have iThemes Security installed and activated. If you do not, you may follow our article on installing iThemes Security.
  3. Within your WordPress admin, hover over Security on the left side menu, and click on Settings.
  4. The settings can be filtered as Recommended and Advanced if all of them are not showing. You’ll see the filter options in the top right corner of the listed settings. Click on Advanced.
  5. Find Hide Backend and then click on Configure Settings.
iThemes Security Settings page
iThemes Security Settings
  1. After enabling the checkbox in the previous step, you will see options appear that allow you to configure how your login URL will be set. In the Login Slug field, enter your new login location.
iThemes Hide Backend Options
iThemes Hide Backend Options
  1. After enabling the checkbox in the previous step, additional options will appear. In the Login Slug field, enter your new login location. Make sure that you record this setting or set a bookmark to it. If you forget your new login URL, then you won’t be able to login to your site.
  2. You will see other options, but for simplicity leave the defaults for Enable Redirection and Redirection Slug as they are.  You can change the redirection slug if you feel it’s needed, but the Enable Redirection should be checked to prevent error messages.
  3. Once your changes have been made, click Save Settings in the bottom lefthand corner.

Now that you have hidden your login URL with iThemes Security, your site login URL will be harder to locate, and thus make it more secure from brute force attacks. Note: As a reminder, be sure to remember what you set in the Login Slug field as, without it, you will not be able to log into your WordPress admin dashboard.

17 thoughts on “How to Hide your WordPress Admin URL with iThemes Security

    1. Hi Dave,

      Thanks for your question. Unfortunately, changing the WordPress Admin URL does require the use of a plugin. Changing it in the wp-config.php file would likely result in errors or malfunctioning features.

      Best Regards,
      Alyssa K.

  1. Do you know where this setting is save? Can no longer get into my website. I looked through .htaccess and wp_config, and database but I am a bit lost. Changed my website to wplogin, but I get not found.

    1. Hi Paul,

      It should be located in the wp-config.php file, likely labeled as the “ADMINURL” or something similar.

      Best Regards,
      Alyssa K.

    1. Thanks for your comment. This article is a little out of date. The section itself is now called “Hide Backend”. And from there, you can enable the Hide Backend feature.

  2. Hi,


    I have tried to hide my admin url. Now on that hidden url I am getting 500(internal server error) due to missconfiguration but I really dont know what is going wrong in config)

    Would you please help me?

    1. We need more information like what is your domain name. 500 errors are general in nature, and really just means the server doesn’t know what to do. Can you provide us the domain name?

  3. ok, solved: it seems that itsec plugin has not written anything in my htaccess file…

    with manual edit the old address is now correctly unreachable.

  4. Hi, I’ve a strange issue.

    My changed login slut is, for example, /fabio, where fabio is also my nickname for the admin account.

    Now, because of some brute force attacks, I decided to change /fabio in, for example /fabionew. So I saved correctly.

    Now I see the login mask in …./fabio AND in …./fabionew

    Why? I don’t want /fabio anymore…how can I hide the old slug?

  5. Hi, thanks for the article. Does my .htaccess file need to have a certain CHMOD value for it to be able to work? It’s currently set to 644. Is that enough permission for iThemes to write to it?

    1. Hello Adeola,

      iThemes Security is a third party plugin that my have updated and changed from the version that is being listed in this article. Our apologies if there is any confusion. Please reference the iThemes Security documentation for specific directions if you are unable to use the directions above for your current installation.

      If you have any further questions or comments, please let us know.

      Arnel C.

  6. “Step 6. After enabling the checkbox in the previous step, additional options will appear. In the Login Slugfield, enter your new login location.”    How does one know where to locate the new login?

    1. Hello Gwen,

      What ever you change the slug to would be your new login page such as in the example it would be

      Best Regards,
      TJ Edens

Was this article helpful? Join the conversation!

Leap into Savings
Leap Ahead with Limited Time Deals