voodish logo
tweet rss book of faces Linked In

Rename WordPress admin directory

wordpress rename admin

Here’s how to rename your WordPress admin directory to add another level of security to your WordPress install.

This method is known as Security through obfuscation and is no substitute for true security, but it all helps in the sea of other WordPress installs out there.

1. Create a new directory in your root directory (eg. “myadmin”)
2. Create an index.php file in your “myadmin” directory… with the following code:

$admin_cookie_code="5434231426";
setcookie("WordPressAdminSession",$admin_cookie_code,0,"/");
header("Location: /wp-admin/index.php");

3. In your real WordPress Administrator directory (wp-admin), create a new htaccess file if you don’t already have one, using the following code:

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/wp-admin
RewriteCond %{HTTP_COOKIE} !WordPressAdminSession=5434231426
RewriteRule .* - [L,F]

To enter your WordPress administration page, you would now point your browser to:
“http://yoursite.com/myadmin/” (highly advisable to choose a different admin name other than myadmin)
The php code will set a cookie that expires at the end of the session and redirect you to your real administration page.

No one will be able to load anything from the administrator directory without having gone through the “myadmin” directory first.

Choose another directory name for “myadmin” and change the cookie code “5434231426″ to something else.

Additionally

4. You can also restrict access to the wp-login.php file; but as this is in the root directory rather than the wp-admin folder, you will need to add the following to your root .htaccess file:

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/wp-login.php
RewriteCond %{HTTP_COOKIE} !WordPressAdminSession=5434231426
RewriteRule .* - [L,F]

Getting a 404?

Please NOTE, that if you get any 404’s when your system is logging you out, then make sure to simply navigate back to your secret login URL:
e.g: http://yoursite.com/myadmin/

Related Articles

Comments RSS Feed

17 Comments

  1. itworks November 6, 2010

    This actually works! Thanks a million buddy - I’ve searched everywhere (most other solutions don’t work)…very happy, cheers!!

  2. Go to Top of the page

  3. wp-login November 6, 2010

    This still doesn’t block wp-login.php

  4. Go to Top of the page

  5. admin November 6, 2010

    This is do-able too, I have updated the main article to reflect this.

    You still wouldn’t be able to login via wp-login.php with the old method, but the additional amendment hides that from Public view also, I hope this helps.

  6. Go to Top of the page

  7. dpd November 7, 2010

    Finally, a way to do this! Nice1 m8, cheers :D

  8. Go to Top of the page

  9. admin November 15, 2010

    No probs, I’m glad it helps others too :)

  10. Go to Top of the page

  11. Andrei December 27, 2010

    Strange, I can’t get it to work on my site.
    Looks very handy though, will try to sort it out.

  12. Go to Top of the page

  13. Andrei December 27, 2010

    Ok, got it I think.
    In step 3 WordPressSession should be changed to WordPressAdminSession

  14. Go to Top of the page

  15. admin December 29, 2010

    Nice catch Andrei!, now changed, the original was correct, but during updates this was pasted from an older working version - thanks for spotting that! :)

  16. Go to Top of the page

  17. Andrei January 4, 2011

    Hah, don’t mention it.
    I’ve been having a lot of mysterious problems with it lately nevertheless: one day it works, the other - doesn’t. It seems my host is screwing around with Apache settings or something.

    Will post if I find out more. Cheers!

  18. Go to Top of the page

  19. Sten January 6, 2011

    Thank you very much for this workaround, it addresses an important security-flaw in wordpress against brute-force attacks. I’m using it now on my websitie. =)

  20. Go to Top of the page

  21. Luis January 14, 2011

    Thanks a lot! Very clever and easy to implement without messing up the core files.

  22. Go to Top of the page

  23. James October 3, 2011

    Hi there. I actually followed another article on renaming the entire folder into something else. It worked but for some reason, when I am logged in, I cannot preview the website at the same browser. I will state “Server Error”. If I view it at another browser, its perfectly fine. Need your advice on this.

  24. Go to Top of the page

  25. admin October 12, 2011

    @James, how about changing it back to standard then trying the tried and tested version above.

    Alternatively we can be comissioned to fix someone elses plugin if you would like, send us a quick email here »

  26. Go to Top of the page

  27. Error November 12, 2011

    Now that I did what you said above login.php file, I’m unable to log out.

    “You don’t have permission to access /wp-login.php on this server.” — when trying to log out.

  28. Go to Top of the page

  29. admin February 15, 2012

    @ Error, close your browser window and try again.
    It’s worked flawlessly on many, many WP installs… we actually run the same on Joomla too

  30. Go to Top of the page

  31. EntuTeque February 25, 2012

    Does this does work on a Windows install of Wordpress?

  32. Go to Top of the page

  33. admin March 16, 2012

    @EntuTeque, it works on WAMP, but please let us know your config and how you get on, thanks.

  34. Go to Top of the page

Leave a comment