by Chris Coyier & Jeff Starr

40 Responses

  1. Nice! I never liked telling a client wp-login.php, so a while back I started saying http://domain.com/wp-admin. That is also nice because if the user is already logged in and they click a bookmark in their browser (or just typing it manually in the address bar) they made for wp-login.php, then they will be brought back to the login screen instead of the dashboard.

    Now I’m guessing RewriteRule will behave the same way correct? Maybe you’d want to do this instead:
    RewriteRule ^login$ http://yoursite.com/wp-admin [NC,L]

    • Or even better.
      RewriteRule ^admin$ http://yoursite.com/wp-admin [NC,L]

      • Jeff Starr

        You could also use RedirectMatch to enable a login URL switch:

        RedirectMatch 301 @admin http://example.com/wp-admin

        The @ prevents the rule from bothering anything else, and RedirectMatch picks up on the switch from anywhere in the site, so regardless of what page you’re on, you just append @admin to the URL and you’re there.

        • Thanks Jeff! This works pretty nice. I tweaked it for multisite:
          RedirectMatch 301 @admin /wp-admin

          Now I just set this in my one .htaccess for multisite and then no matter what site you are on, it will go to that site’s login page instead of my main site.

  2. great tip, thanks!
    question: how would you prevent any access to wp-login.php unless the url used to arrive is /login ?

  3. Nick Plekhanov January 11, 2011

    Nice and clean. Thanks Chris.
    P.S. Waiting for the next digwp book update. When will it be ready?

    And….oh…Keep up brilliant worn guys.

  4. Or, cleaner and more portable, make a simple rewrite rule plugin :)

  5. My coding skills are next to nil, so I have to ask: where, exactly, is “before the default WordPress rewrite stuff”? You mean at the very top of the file, before the “# BEGIN WordPress” line (I doubt it, but maybe)? Or before the “RewriteEngine On” line? Or after the three lines starting “RewriteEngine On”? Or somewhere else? A very precise position — so I don’t screw up — would be much appreciated. Thanks!

  6. The “R” flag is implicit if an absolute URL appears anywhere in the rule. I believe what you want is the relative URL:

    RewriteRule ^login$ wp-login.php [NC,L]

    • Would this relative version work for all mapped sites of a WordPress MultiSite install, if it resided in the root of a WordPress MultiSite install?

    • Thompson January 13, 2011

      The relative url worked for me! Thank you.

  7. Anything different or anything to consider if you have a dedicated IP address and SSL on your domain? Would that have any effect on the ReWrite code?

  8. Rachel Baker January 12, 2011

    I have done this via the .htaccess file, wouldn’t that be easier?

  9. mark Johnson January 12, 2011

    In my .htaccess file i have the following but when i go to www.myurl.com/login it gives me a 404 page not found error. Did i do the code right?

    RewriteRule ^login$ http://www.myurl.com/wordpress/wp-login.php [NC,L]
    RewriteRule ^admin$ http://www.myurl.com/wordpress/wp-admin/index.php [NC,L]
    RewriteEngine On
    RewriteCond %{HTTPS} on
    RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L]
    # BEGIN WordPress
    # END WordPress

    • “RewriteEngine On” must be set before you can use any “Rewrite” modifications

      • mark Johnson January 13, 2011

        Yes you are correct. I did rearrange that part and put it at the top instead and it worked like a charm. Thanks for your help.

  10. I usually add a line in .htaccess file like

    Redirect /admin http://yoursite/wp-admin

    The reason I prefer redirecting admin instead of login is because, when I’m logged in already (remembered cookie) in some cases (not sure if this also applies to WP 3.0) it takes you to wp-login.php no matter whether you’re logged in already or not

    Whereas admin always takes you to the dashboard, unless you’re not logged in in which case it shows the login screen.

  11. I will surely use this

  12. Thompson January 13, 2011

    Is there anyway to append something like @edit onto a current post url to have you redirect to the wp-admin for editing that page???

  13. thanks, its very usefull. this method can prevent some hacker :D

  14. This is really useful especially for commercial works.

    Thanks for sharing!

  15. Nice tip! For a Nginx powered website, how would you implement this redirection?

  16. A slightly more complex one, which gives users a little more flexibility:-

    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/login(/|(.php))*$ [OR]
    RewriteCond %{REQUEST_URI} ^/admin(/|(.php))*$
    RewriteRule .* /wp-admin/index.php [NC,L]

    This will redirect any combination of /login, /login.php, /login/ or /admin etc, in case a user doesn’t remember it quite right.

    @dgrut – this won’t give you any hacker prevention, as the original WP URL is still valid. However, if you put your WP install in an obscure subdirectory and amended the RewriteRule to something like:-

    RewriteRule .* /obscure-sub-directory/wp-admin/index.php [NC,L]

    That might give some protection (though it’s not hard to figure out what that subdirectory is just by looking at the source of any page).

  17. Sorry, getting my bbcode/html mixed up…

    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/login(/|(.php))*$ [OR]
    RewriteCond %{REQUEST_URI} ^/admin(/|(.php))*$
    RewriteRule .* /wp-admin/index.php [NC,L]

    • I used this when 3.1 was released, it doesn’t render the http://www.domain.com/login, instead it says http://www.domain.com/wp-login.php?redirect_to=http%3A%2F%2Fwww.domain.com%2Flogin&reauth=1

      • That’s correct behavior. You are actually on the wp-login.php page and it’s then redirecting you to the page you requested which is domain.com/login. It won’t hide the URL after you type it, it’s for convenience to type whatever you want instead of wp-login.php.

      • Also, you’ll note that once you login you are taken to domain.com/wp-admin like normal.

  18. Great tip! Where’s the I Like button for facebook? :)

  19. DirectoryIndex /vip/index.php

    Redirect http://www.xxx.com/vip/wp-admin/ http://www.xxx.com/vip/wp-admin/index.php

    RewriteEngine On
    RewriteBase /vip/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /vip/index.php [L]

  20. is it redirected to /wp-login.php or just showing the login in /login ?

  21. Kaushik Biswas February 4, 2011

    I know nothing about fixing all this, so this will be very helpful for my personal blog site. This is wonderful if I can access wp-login.php with some other name :)

  22. Great tip … this has really helped me with a SSL redirect question for admin and login on a secure multisite

  23. This should be a WordPress core feature, so I’ve added it to the WordPress

    You can vote for it on WordPress.org.

  24. This is awesome but I really would like to use it and close off access via ‘/wp-admin’. Is there a method for doing this? Is it not advisable. If it can be done I am assuming that forgetting your login would suck.

Comments are closed. Contact us with any critical information. Thank you!

Code is poetry