Setting Up Your Custom Login URL

4 min read · Updated 24 March 2026

Changing your login URL is one of the most effective single steps you can take against bot-driven brute force attacks.

Why Change Your Login URL?

By default, every WordPress site is accessible at /wp-login.php and /wp-admin. Automated bots scan the entire internet for these URLs and attempt to break in. Hiding your login behind a custom URL means bots cannot find it — you cannot brute-force a door you cannot find.

How to Set Your Custom Login URL

  1. Go to Tools → WP 1 Click LockDown.
  2. In the "Login URL Masking & Brute-Force Protection" section, make sure "Enable custom login URL" is checked.
  3. Enter your desired login slug in the "Custom login slug" field. Use lowercase letters and hyphens only (e.g. my-login or admin-access).
  4. Set the "Redirect visitors who hit /wp-login.php to" field — this is where bots and lost visitors end up. Your homepage is a safe default.
  5. Click Save All Settings.
  6. Your new login URL is: https://yoursite.com/your-slug/
⚠️ Write down or bookmark your new login URL before saving. If you forget it, visiting /wp-admin while logged out will redirect you to the homepage.

Choosing a Good Login Slug

  • Avoid obvious slugs like: admin, login, wp-login, signin, dashboard
  • Use something memorable but not guessable: team-portal, staff-access, manage-site
  • Do not use your domain name or business name as the slug
  • Lowercase letters and hyphens only — no spaces or special characters
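
The rules above can be checked before you type a slug into the settings page. The following is an added example, not code from WP 1 Click LockDown: the function name, the problem labels, the sample host and business name, and the stricter hyphen rule (no leading, trailing or doubled hyphens) are all assumptions made for illustration.

```python
import re

# Slugs this page lists as obvious choices to avoid.
OBVIOUS_SLUGS = {"admin", "login", "wp-login", "signin", "dashboard"}

# Lowercase letters and hyphens only. Assumption beyond the page: hyphens may
# only separate groups of letters (no leading, trailing or doubled hyphens).
SLUG_RE = re.compile(r"[a-z]+(?:-[a-z]+)*")


def _letters(text):
    """Lowercase the text and drop everything except a-z for loose comparison."""
    return re.sub(r"[^a-z]", "", text.lower())


def check_login_slug(slug, site_host, business_name=""):
    """Return a list of rule violations; an empty list means the slug passes."""
    if not SLUG_RE.fullmatch(slug):
        return ["charset"]  # later checks are meaningless on a malformed slug

    problems = []
    if slug in OBVIOUS_SLUGS:
        problems.append("obvious")

    # Names the slug must not equal: each label of the host name (except
    # "www") and the business name, compared with hyphens and spaces removed
    # so "acme-plumbing" still matches "acmeplumbing.com".
    names = {_letters(label) for label in site_host.split(".")
             if label.lower() != "www"}
    names.add(_letters(business_name))
    names.discard("")
    if _letters(slug) in names:
        problems.append("domain-or-business-name")
    return problems


if __name__ == "__main__":
    # Constructed sample site; not a real installation.
    for candidate in ("team-portal", "login", "Staff Access", "acme-plumbing"):
        print(candidate, check_login_slug(candidate, "www.acmeplumbing.com",
                                          "Acme Plumbing"))
```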

What Happens to /wp-login.php?

Once the custom URL is active, any request to /wp-login.php or /wp-admin (when not logged in) is silently redirected to the URL you specified in the redirect field. The login page itself still works — it is just moved to your custom URL.

How to Change or Disable the Custom Login URL

  1. Log in at your current custom login URL.
  2. Go to Tools → WP 1 Click LockDown → Login URL Masking section.
  3. Either update the slug to a new value, or uncheck "Enable custom login URL" to revert to /wp-login.php.
  4. Click Save All Settings.
ℹ️ If you are locked out because you forgot your login URL, see our troubleshooting guide: "Locked Out of WordPress After Changing Login URL".
