Change Wordpress Admin URL
Solution 1:
Here's an article from wordpress's site.
http://wordpress.org/support/topic/how-to-change-the-admin-url-or-wp-admin-to-secure-login
-
Add constant to wp-config.php
define('WP_ADMIN_DIR', 'secret-folder'); define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . WP_ADMIN_DIR); -
Add below filter to functions.php
add_filter('site_url', 'wpadmin_filter', 10, 3); function wpadmin_filter( $url, $path, $orig_scheme ) { $old = array( "/(wp-admin)/"); $admin_dir = WP_ADMIN_DIR; $new = array($admin_dir); return preg_replace( $old, $new, $url, 1); } -
Add below line to .htaccess file
RewriteRule ^secret-folder/(.*) wp-admin/$1?%{QUERY_STRING} [L]
Solution 2:
I played around with this and there is a much simpler way to do this all in this one simple function below without having to muck around with anything else (create unnecessary folders, redirects, pages, etc.).
// Simple Query String Login page protection
function example_simple_query_string_protection_for_login_page() {
$QS = '?mySecretString=foobar';
$theRequest = 'http://' . $_SERVER['SERVER_NAME'] . '/' . 'wp-login.php' . '?'. $_SERVER['QUERY_STRING'];
// these are for testing
// echo $theRequest . '<br>';
// echo site_url('/wp-login.php').$QS.'<br>';
if ( site_url('/wp-login.php').$QS == $theRequest ) {
echo 'Query string matches';
} else {
header( 'Location: http://' . $_SERVER['SERVER_NAME'] . '/' );
}
}
add_action('login_head', 'example_simple_query_string_protection_for_login_page');
Solution 3:
This is very helpful topic. I made some little correction in the function and this is my version:
add_filter('site_url', 'wpadmin_filter', 10, 3);
function wpadmin_filter( $url, $path, $orig_scheme ) {
$request_url = $_SERVER['REQUEST_URI'];
$check_wp_admin = stristr($request_url, 'wp-admin');
if($check_wp_admin){
wp_redirect( home_url( '404' ), 302 );
exit();
}
$old = array( "/(wp-admin)/");
$admin_dir = WP_ADMIN_DIR;
$new = array($admin_dir);
return preg_replace( $old, $new, $url, 1);
}
Mainly for redirecting of wp-admin.
And most important part:
add_rewrite_rule( '^' . 'backend/(.*)','wp-admin/$1?%{QUERY_STRING}' );
To updates .htaccess rule.
Solution 4:
Finally found a way to do it without a plugin AND WITHOUT MODIFYING WP CORE (all tutorials suggests to do so for some weird reason).
1- Copy wp-login.php and rename it to new-secret-url.php (on your root directory)
2- Open new-secret-url.php file and perform a search/replace of wp-login.php to new-secret-url.php
3- Add the following code to your functions.php:
/** Hide default login */
add_action( 'init', 'marounmelhem_hide_login' );
function marounmelhem_hide_login() {
//Only proceed for guests
if ( ! is_user_logged_in() ) {
//Getting current page
$current_url = str_replace( '/', '', $_SERVER['REQUEST_URI'] );
$hiddenWpAdmin = 'new-secret-url'; //Change this to your new secret wp-admin url
$redirectNaTo = '/';
//Checking if accessing correct login url
if ( $current_url == $hiddenWpAdmin ) {
wp_redirect( '/'.$hiddenWpAdmin.'.php' );
exit;
}
//Only allow requests to wp-login.php coming from correct login url
$adminToCheck = [
'wp-admin',
'wp-login.php'
];
if (
in_array( $current_url, $adminToCheck )
&&
$_GET['action'] !== "logout"
) {
wp_redirect( $redirectNaTo );
exit();
}
}
}
4- This only works if you're not using any other frontend login forms, if you do, you can change:
is_user_logged_in() to possibly !current_user_can( 'subscriber' ) (or the role given in the frontend login logic)
5- Not sure if ajax calls works with the above, please let me know if you've tried it