Simpler Login URL
The default URL for logging into your WordPress powered site is: http://example.com/wp-login.php
. Or if you’ve installed in a subdirectory, something like http://example.com/wp/wp-login.php
. I’ve wished that was a little cleaner, especially when you are doing something explaining to a client where to log in over the phone. Fortunately changing this can be very easy.
To make your login URL just http://example.com/login
just add this line in your .htaccess file before the default WordPress rewrite stuff:
RewriteRule ^login$ http://example.com/wp-login.php [NC,L]
- The carret
^
is a substitute for the directory that the .htaccess file is in. For example if the file is in your root, it stands forhttp://example.com/
. - The dollar sign
$
means “stop matching here” (So ultimately we’re looking forhttp://example.com/login
). - Then after the space you put the URL to use instead. This is our fully valid WordPress login URL, nothing fancy here.
- After that are the [flags]. We are using two:
NC
andL
.NC
means “no case” which means “LoGiN” would match as well as “login”.L
means “last” meaning don’t process any of the rest of the .htaccess file after this match. This is important so our WordPress rewrites don’t get involved. - Note that this doesn’t redirect, it rewrites, which I think is cleaner. If you’d prefer a redirect, you can add an
R
flag as well.
Not up for tinkering with .htaccess yourself? Ozh has a plugin based on this post. Easy breezy either way you slice it.
40 responses
-
Nice! I never liked telling a client wp-login.php, so a while back I started saying
http://domain.com/wp-admin
. That is also nice because if the user is already logged in and they click a bookmark in their browser (or just typing it manually in the address bar) they made for wp-login.php, then they will be brought back to the login screen instead of the dashboard.Now I’m guessing RewriteRule will behave the same way correct? Maybe you’d want to do this instead:
RewriteRule ^login$ http://example.com/wp-admin [NC,L]
-
Or even better.
RewriteRule ^admin$ http://example.com/wp-admin [NC,L]
-
-
great tip, thanks!
question: how would you prevent any access to wp-login.php unless the url used to arrive is /login ?
-
Or, cleaner and more portable, make a simple rewrite rule plugin :)
-
@Ozh,
Okay, I will. How? :^P
-
Check my blog:
-
-
-
Nice and clean. Thanks Chris.
P.S. Waiting for the next digwp book update. When will it be ready?
And….oh…Keep up brilliant worn guys.
-
My coding skills are next to nil, so I have to ask: where, exactly, is “before the default WordPress rewrite stuff”? You mean at the very top of the file, before the “# BEGIN WordPress” line (I doubt it, but maybe)? Or before the “RewriteEngine On” line? Or after the three lines starting “RewriteEngine On”? Or somewhere else? A very precise position — so I don’t screw up — would be much appreciated. Thanks!
-
The “R” flag is implicit if an absolute URL appears anywhere in the rule. I believe what you want is the relative URL:
RewriteRule ^login$ wp-login.php [NC,L]
-
Would this relative version work for all mapped sites of a WordPress MultiSite install, if it resided in the root of a WordPress MultiSite install?
-
No
-
-
The relative url worked for me! Thank you.
-
-
Anything different or anything to consider if you have a dedicated IP address and SSL on your domain? Would that have any effect on the ReWrite code?
-
I have done this via the .htaccess file, wouldn’t that be easier?
-
In my .htaccess file i have the following but when i go to
example.com/login
it gives me a 404 page not found error. Did i do the code right?RewriteRule ^login$ http://example.com/wordpress/wp-login.php [NC,L] RewriteRule ^admin$ http://example.com/wordpress/wp-admin/index.php [NC,L] RewriteEngine On RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L]
-
“RewriteEngine On” must be set before you can use any “Rewrite” modifications
-
Yes you are correct. I did rearrange that part and put it at the top instead and it worked like a charm. Thanks for your help.
-
-
-
I usually add a line in .htaccess file like
Redirect /admin http://yoursite/wp-admin
The reason I prefer redirecting admin instead of login is because, when I’m logged in already (remembered cookie) in some cases (not sure if this also applies to WP 3.0) it takes you to wp-login.php no matter whether you’re logged in already or not
Whereas admin always takes you to the dashboard, unless you’re not logged in in which case it shows the login screen.
-
I will surely use this
-
Is there anyway to append something like @edit onto a current post url to have you redirect to the wp-admin for editing that page???
-
thanks, its very usefull. this method can prevent some hacker :D
-
This is really useful especially for commercial works.
Thanks for sharing!
-
Nice tip! For a Nginx powered website, how would you implement this redirection?
-
A slightly more complex one, which gives users a little more flexibility:-
RewriteEngine On RewriteCond %{REQUEST_URI} ^/login(/|(.php))*$ [OR] RewriteCond %{REQUEST_URI} ^/admin(/|(.php))*$ RewriteRule .* /wp-admin/index.php [NC,L]
This will redirect any combination of
/login
,/login.php
,/login/
or/admin
etc, in case a user doesn’t remember it quite right.@dgrut – this won’t give you any hacker prevention, as the original WP URL is still valid. However, if you put your WP install in an obscure subdirectory and amended the RewriteRule to something like:-
RewriteRule .* /obscure-sub-directory/wp-admin/index.php [NC,L]
That might give some protection (though it’s not hard to figure out what that subdirectory is just by looking at the source of any page).
-
Sorry, getting my bbcode/html mixed up…
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/login(/|(.php))*$ [OR]
RewriteCond %{REQUEST_URI} ^/admin(/|(.php))*$
RewriteRule .* /wp-admin/index.php [NC,L]
-
I used this when 3.1 was released, it doesn’t render the
http://example.com/login
, instead it sayshttp://example.com/wp-login.php?redirect_to=http%3A%2F%2Fexample.com%2Flogin&reauth=1
-
That’s correct behavior. You are actually on the wp-login.php page and it’s then redirecting you to the page you requested which is domain.com/login. It won’t hide the URL after you type it, it’s for convenience to type whatever you want instead of wp-login.php.
-
Also, you’ll note that once you login you are taken to domain.com/wp-admin like normal.
-
-
-
Great tip! Where’s the I Like button for facebook? :)
-
Here is my version:
DirectoryIndex /vip/index.php Redirect http://example.com/vip/wp-admin/ http://example.com/vip/wp-admin/index.php RewriteEngine On RewriteBase /vip/ RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /vip/index.php [L]
-
is it redirected to
/wp-login.php
or just showing the login in/login
? -
I know nothing about fixing all this, so this will be very helpful for my personal blog site. This is wonderful if I can access wp-login.php with some other name :)
-
Great tip … this has really helped me with a SSL redirect question for admin and login on a secure multisite
-
This should be a WordPress core feature, so I’ve added it to the WordPress ideas. You can vote for it on WordPress.org.
-
This is awesome but I really would like to use it and close off access via ‘/wp-admin’. Is there a method for doing this? Is it not advisable. If it can be done I am assuming that forgetting your login would suck.