Simpler Login URL

The default URL for logging into your WordPress-powered site is: http://example.com/wp-login.php. Or, if you’ve installed in a subdirectory, something like http://example.com/wp/wp-login.php. I’ve wished that was a little cleaner, especially when you are explaining to a client where to log in over the phone. Fortunately, changing this can be very easy.

To make your login URL just http://example.com/login, add this line to your .htaccess file before the default WordPress rewrite stuff:

RewriteRule ^login$ http://example.com/wp-login.php [NC,L]

  • The caret ^ marks the start of the path, relative to the directory that the .htaccess file is in. For example, if the file is in your root, it stands for http://example.com/.
  • The dollar sign $ means “stop matching here” (So ultimately we’re looking for http://example.com/login).
  • Then after the space you put the URL to use instead. This is our fully valid WordPress login URL, nothing fancy here.
  • After that are the [flags]. We are using two: NC and L. NC means “no case” which means “LoGiN” would match as well as “login”. L means “last” meaning don’t process any of the rest of the .htaccess file after this match. This is important so our WordPress rewrites don’t get involved.
  • Note that this doesn’t redirect, it rewrites, which I think is cleaner. If you’d prefer a redirect, you can add an R flag as well.
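
A complete .htaccess showing where the line goes relative to the default WordPress block (an added example, not a file from the original post; it assumes WordPress is installed in the document root of example.com and that mod_rewrite is enabled):

```apache
# Added example, not a file from the original post. Assumes WordPress is
# installed in the document root of example.com and mod_rewrite is enabled.

<IfModule mod_rewrite.c>
# Rewrite directives do nothing until the engine is on, so this line has
# to come before the first RewriteRule in the file.
RewriteEngine On

# /login, in any letter case (NC), is served by wp-login.php. L stops rule
# processing for this pass, so the WordPress rules below are not applied
# to /login.
# Because the host in the target matches the host being requested, Apache
# strips it and rewrites internally. If the two differ (for example www
# versus the bare domain), the same line becomes an external redirect.
RewriteRule ^login$ http://example.com/wp-login.php [NC,L]

# Redirect variant from the last bullet above. Use it instead of the rule
# above if the address bar should change to wp-login.php.
# RewriteRule ^login$ http://example.com/wp-login.php [NC,R,L]
</IfModule>

# WordPress regenerates everything between its BEGIN and END markers, so
# custom rules stay outside them. The block below is the default one for
# a root install.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

# /login is an alias only: /wp-login.php still answers when requested
# directly, so this rule is a convenience, not an access control.
```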

Not up for tinkering with .htaccess yourself? Ozh has a plugin based on this post. Easy breezy either way you slice it.

40 responses

  1. Peter Bockenhauer

    Nice! I never liked telling a client wp-login.php, so a while back I started saying http://domain.com/wp-admin. That is also nice because if the user is already logged in and they click a bookmark in their browser (or just typing it manually in the address bar) they made for wp-login.php, then they will be brought back to the login screen instead of the dashboard.

    Now I’m guessing RewriteRule will behave the same way, correct? Maybe you’d want to do this instead:

    RewriteRule ^login$ http://example.com/wp-admin [NC,L]

    • Or even better.

      RewriteRule ^admin$ http://example.com/wp-admin [NC,L]

      • You could also use RedirectMatch to enable a login URL switch:

        RedirectMatch 301 @admin http://example.com/wp-admin

        The @ prevents the rule from bothering anything else, and RedirectMatch picks up on the switch from anywhere in the site, so regardless of what page you’re on, you just append @admin to the URL and you’re there.

        • Peter Bockenhauer

          Thanks Jeff! This works pretty nice. I tweaked it for multisite:

          RedirectMatch 301 @admin /wp-admin

          Now I just set this in my one .htaccess for multisite and then no matter what site you are on, it will go to that site’s login page instead of my main site.

  2. great tip, thanks!

    question: how would you prevent any access to wp-login.php unless the url used to arrive is /login ?

  3. Or, cleaner and more portable, make a simple rewrite rule plugin :)

  4. Nice and clean. Thanks Chris.

    P.S. Waiting for the next digwp book update. When will it be ready?

    And… oh… Keep up the brilliant work, guys.

  5. My coding skills are next to nil, so I have to ask: where, exactly, is “before the default WordPress rewrite stuff”? You mean at the very top of the file, before the “# BEGIN WordPress” line (I doubt it, but maybe)? Or before the “RewriteEngine On” line? Or after the three lines starting “RewriteEngine On”? Or somewhere else? A very precise position — so I don’t screw up — would be much appreciated. Thanks!

  6. The “R” flag is implicit if an absolute URL appears anywhere in the rule. I believe what you want is the relative URL:

    RewriteRule ^login$ wp-login.php [NC,L]

  7. Anything different or anything to consider if you have a dedicated IP address and SSL on your domain? Would that have any effect on the ReWrite code?

  8. I have done this via the .htaccess file, wouldn’t that be easier?

  9. In my .htaccess file I have the following, but when I go to example.com/login it gives me a 404 page not found error. Did I do the code right?

    RewriteRule ^login$ http://example.com/wordpress/wp-login.php [NC,L]
    RewriteRule ^admin$ http://example.com/wordpress/wp-admin/index.php [NC,L]
    RewriteEngine On
    RewriteCond %{HTTPS} on
    RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L]

    • “RewriteEngine On” must be set before you can use any “Rewrite” modifications

      • Yes you are correct. I did rearrange that part and put it at the top instead and it worked like a charm. Thanks for your help.

  10. I usually add a line in .htaccess file like

    Redirect /admin http://yoursite/wp-admin

    The reason I prefer redirecting admin instead of login is because, when I’m logged in already (remembered cookie), in some cases (not sure if this also applies to WP 3.0) it takes you to wp-login.php no matter whether you’re logged in already or not.

    Whereas admin always takes you to the dashboard, unless you’re not logged in in which case it shows the login screen.

  11. I will surely use this

  12. Is there any way to append something like @edit onto a current post URL to have you redirect to the wp-admin for editing that page?

  13. Thanks, it’s very useful. This method can prevent some hacker :D

  14. This is really useful especially for commercial works.

    Thanks for sharing!

  15. Nice tip! For a Nginx powered website, how would you implement this redirection?

  16. A slightly more complex one, which gives users a little more flexibility:-

    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/login(/|(.php))*$ [OR]
    RewriteCond %{REQUEST_URI} ^/admin(/|(.php))*$
    RewriteRule .* /wp-admin/index.php [NC,L]

    This will redirect any combination of /login, /login.php, /login/ or /admin etc, in case a user doesn’t remember it quite right.

    @dgrut – this won’t give you any hacker prevention, as the original WP URL is still valid. However, if you put your WP install in an obscure subdirectory and amended the RewriteRule to something like:-

    RewriteRule .* /obscure-sub-directory/wp-admin/index.php [NC,L]

    That might give some protection (though it’s not hard to figure out what that subdirectory is just by looking at the source of any page).

  17. Sorry, getting my bbcode/html mixed up…

    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/login(/|(.php))*$ [OR]
    RewriteCond %{REQUEST_URI} ^/admin(/|(.php))*$
    RewriteRule .* /wp-admin/index.php [NC,L]

    • I used this when 3.1 was released, it doesn’t render the http://example.com/login, instead it says http://example.com/wp-login.php?redirect_to=http%3A%2F%2Fexample.com%2Flogin&reauth=1

      • Peter Bockenhauer

        That’s correct behavior. You are actually on the wp-login.php page and it’s then redirecting you to the page you requested which is domain.com/login. It won’t hide the URL after you type it, it’s for convenience to type whatever you want instead of wp-login.php.

      • Peter Bockenhauer

        Also, you’ll note that once you log in you are taken to domain.com/wp-admin like normal.

  18. Great tip! Where’s the I Like button for facebook? :)

  19. Here is my version:

    DirectoryIndex /vip/index.php
    Redirect http://example.com/vip/wp-admin/ http://example.com/vip/wp-admin/index.php
    
    RewriteEngine On
    RewriteBase /vip/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /vip/index.php [L]

  20. is it redirected to /wp-login.php or just showing the login in /login ?

  21. I know nothing about fixing all this, so this will be very helpful for my personal blog site. This is wonderful if I can access wp-login.php with some other name :)

  22. Great tip … this has really helped me with a SSL redirect question for admin and login on a secure multisite

  23. This should be a WordPress core feature, so I’ve added it to the WordPress ideas. You can vote for it on WordPress.org.

  24. This is awesome, but I really would like to use it and close off access via ‘/wp-admin’. Is there a method for doing this? Is it not advisable? If it can be done, I am assuming that forgetting your login would suck.

© 2009–2024 Digging Into WordPress