Skip to content

Change Login URL

Change Login URL moves the WordPress sign-in screen to a private path you choose. Bots that hammer wp-login.php get a 404 instead of a login form - bookmark the new address so you never lock yourself out.

Requires an active WP PowerSuite license.

When enabled with a valid license, it:

  • Serves the login form at your custom slug (e.g. https://your-site.com/my-crew) instead of the public wp-login.php URL.
  • Returns 404 for unauthenticated requests to wp-login.php and wp-admin (so scanners don’t get a useful response).
  • Rewrites login-related links - login, logout, lost password, and register URLs point at the custom path.
  • Works network-wide on multisite when PowerSuite settings are network-wide.

It does not replace passwords, 2FA, or rate limiting - pair it with those for stronger hardening.

Enable it if:

  • You want to stop casual bots from finding the default login URL.
  • Agencies manage many sites and want a non-obvious sign-in path per client.
  • You’re combining it with branding modules (Login Page Customizer, logos) on the same custom URL.

Open the module’s Settings (gear icon) under WP PowerSuite -> Modules -> Change Login URL:

Setting Purpose Default
Login slug (login_slug) Path segment after your site home (lowercase letters, numbers, hyphens). Reserved WordPress paths are blocked for new values. login

Your sign-in URL becomes https://your-site.com/{login_slug}.

  1. Confirm an active license under WP PowerSuite -> License.
  2. Go to WP PowerSuite -> Modules, filter Login & Users, find Change Login URL, and turn it on.
  3. Open Settings, set a unique Login slug, and save.
  4. Bookmark the new URL immediately, then open it in a private window to confirm you can sign in.

To undo it, toggle the module off - wp-login.php works again.

  • Visit the custom URL (https://your-site.com/your-slug). ✅ Working: the WordPress login form loads.

Visit wp-login.php while logged out.

  • ✅ Working: 404 (not the login form).

Visit /wp-admin while logged out.

  • ✅ Working: 404 (not a redirect to the public login).

Log in via the custom URL, then use dashboard logout - you should return through the custom path.

  • 404 on the custom slug. Confirm the module is on, the license is valid, and the slug was saved. Clear caches/CDN that might still serve old routes.
  • Still see the login form at wp-login.php. License inactive, module off, or another plugin restoring the default URL.
  • Locked out. If you have filesystem/DB access, disable the module (or clear its settings) via WP PowerSuite storage; otherwise restore from backup or ask your host. Always bookmark first.
  • Slug rejected on save. Choose lowercase letters, numbers, and hyphens only; avoid reserved paths like wp-admin, wp-login, admin, feed.
What happens to wp-login.php after I change the login URL?

Unauthenticated visits to wp-login.php and wp-admin return a 404. Sign in only at your custom slug (for example /my-crew).

Will I lock myself out?

Only if you forget the new URL. Bookmark https://your-site.com/your-slug immediately after saving. You can turn the module off from WP PowerSuite if you still have admin access another way.

Does Change Login URL work on multisite?

Yes. With network-wide PowerSuite settings, the login slug applies to all sites in the network.

Can I use the slug login?

login is the default stored value, but it is also on the reserved list for new choices. Prefer a unique phrase such as your-site-crew.

Developer notes (hooks & filters)

Source: modules/change-login-url/module.php. Boot: critical. Context: both. Requires a valid license before hooks register.

  • template_redirect -> handleCustomLoginUrl (priority 1); Gravity Forms preview redirect at priority 0.
  • init -> blockDefaultLoginUrls (priority 1) for default login / unauthenticated admin paths.
  • Filters: site_url, network_site_url, wp_redirect, logout_url, login_url, lostpassword_url, register_url, retrieve_password_message, and woocommerce_lostpassword_url when WooCommerce is present.
  • Filter: wp_powersuite_is_custom_login_url_request - whether the current request is the custom login path.
  • Action used by other modules: wpps_before_custom_login_render (login UI modules may hook this).
  • Setting: login_slug (default login); sanitizeSettings() enforces ^[a-z0-9-]+$ and a reserved-slug list.