There are various ways you can secure your WordPress installation, some of them are true security measures and some of them are just concealers. One thing I have been looking to do with my WordPress installations was to change the URL for user login and registration. I feel as though having wp-login.php in the url is not necessary, this should me modifiable by default, and getting rid of it would make me very happy. Luckily for us, there is an easy way to do this; just a simple theme and .htaccess modification will get the job done.
The first order of business is to edit your .htaccess file. This is located in the root of your hosting account. In my case, on my hosting platform this would be in the public_html folder. It may be worthwhile to find out from your web host if they support mod_rewrite. Just add the following:
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^login$ wp-login.php [L,NC,QSA] RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule . /index.php [L] </IfModule>
The next order of business is to modify your theme’s functions.php file. Add the following:
// -------------------------------------------------------------------------- // Start Rename WordPress Login Link // -------------------------------------------------------------------------- add_filter('site_url', 'wplogin_filter', 10, 3); function wplogin_filter( $url, $path, $orig_scheme ) { $old = array( "/(wp-login\.php)/"); $new = array( "login"); return preg_replace( $old, $new, $url, 1); } // -------------------------------------------------------------------------- // End Rename WordPress Login Link // --------------------------------------------------------------------------
Now instead of having to use the http://somedomainname.com/wp-login.php you can use http://somedomainname.com/login
Note: These functions are not of my own creation, simply things I have found along the way. If you are the author of this function, please let me know so I can properly credit you with your work!