Home > blog, tip and trick > trik wordpress >> 3 safe steps to change the URL wp-admin folder

trik wordpress >> 3 safe steps to change the URL wp-admin folder

credit for http://www.dalih.net/

security, cange wp-admin URL

cange wp-admin URL

One important step to secure your website with wordpress platform is improve security of your admin page. Almost all wordpess administrators know that file system of wordpress contain wp-admin folder. But, did you ever think your website are not safe? (website in this topic is the wordpress CMS). One disadvantage of wordpress is almost all the wordpress administrator knows the name of wp-admin folder. If there is naughty someone (hacker) wants enter into a wordpress admin pages, definitely the main target is the wp-admin folder. But what would happen if the URL of the wp-admin folder, renamed with another name? Say replaced with name ‘secret-folder’. This will cause the hackers find it hard to get into the admin page of your website.


But how to change the URL of the wp-admin folder ?. You can not directly change the name of wp-admin folder, because it will cause the wordpress system is broken.

Below are 3 safe steps to change the URL of the wp-admin folder:

Step 1, Changing the contents of the .htaccess file

The .htaccess file is a configuration file that resides in a directory and indicates which users or groups of users can be allowed access to the files contained in that directory. And with .htaccess file we can create  mirror urls of the original url. Now, go to the file manager of your website and find the .htaccess file in the root folder of your website.htaccess

Then add the following code above the code # BEGIN WordPress.

#BEGIN create a mirror of wp-admin folder
RewriteEngine on
RewriteBase /
# Creating a mirror URL of wp-admin folder
RewriteRule ^secret-folder/(.*) wp-admin/$1?%{QUERY_STRING} [L]
#END create a mirror of wp-admin folder

You must replace the ‘secret-folder‘ word with another name you want. Do not use this word, because this is just an example.

Step 2, Changing constants  ADMIN_COOKIE_PATH

If you just do the first step and without changing the constants ADMIN_COOKIE_PATH, you would just change the URL of the wp-admin folder but you will never succeed to login and get into the admin page. This happens because Constanta ADMIN_COOKIE_PATH still contains the (SITECOOKIEPATH. ‘Wp-admin’). To change it find the file ‘default-constants.php’ in / wp-includes/default-constants.php. Use a file editor to change the contents.
Find the following code:

if ( !defined('ADMIN_COOKIE_PATH') )
	define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'wp-admin' );

then replace the word ‘wp-admin‘ to ‘secret-folder‘ or to your liking (the word must be same with the word in the .htaccess file).
so it becomes:

if ( !defined('ADMIN_COOKIE_PATH') )
	define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'secret-folder' );

Step 3, Add filter site_url to change all the wp-admin link in the frontpage or the admin page.

Important! If you not do this then all the links to the wp-admin folder will be rejected and redirected to the login page. For example the edit link to post and edit comments no longer works again. So this is an important step.
Now, open the functions.php on the current theme. Add the following code:

add_filter('site_url',  'wpadmin_filter', 10, 3);
function wpadmin_filter( $url, $path, $orig_scheme ) {
	$old  = array( "/(wp-admin)/");
	$new  = array( "secret-folder");
	return preg_replace( $old, $new, $url, 1);

Save and close all files. Finish. Now you can enter to your admin page with new URL ‘http://www.yourdomain.com/secret-folder/’ :) .
My advice is you must be careful in changing content of .htaccess file. If there are errors you will get server errors. For that you must be do it correctly

  1. February 1, 2012 at 12:04 am

    waah berat nich, bg newbie kayak sy ….dibaca saja dulu nich, step by step sampai ilmunya nyampe baru dipraktekin hehehe

    salam umaee 😀

    • February 5, 2012 at 8:01 am

      moggo mas… (red: silahkan)

  2. Lester
    January 16, 2013 at 3:00 am

    Seeking to replace the ole John Mc – Cain who ran us into this ditch a couple
    of years ago. As with most other out of doors Christmas decorations,.
    a mysterious personage who, in the bleak light of dawn one Christmas morning, stumbled on a foundling –
    a baby camera tenderly wrapped in a little travel rug and gently place in a tiny
    wicker sleigh, discretely left at her front door.

  3. March 6, 2013 at 1:59 pm

    It’s going to be finish of mine day, but before end I am reading this wonderful article to increase my knowledge.

  4. June 23, 2013 at 1:58 am

    I’m not sure exactly why but this site is loading incredibly slow for me. Is anyone else having this problem or is it a issue on my end? I’ll
    check back later on and see if the problem still exists.

  5. July 7, 2013 at 11:00 am

    Good article. I will be going through a few of these issues as well.


  6. July 23, 2013 at 12:21 pm

    I do believe all of the ideas you’ve presented on your post. They are really convincing and will definitely work. Still, the posts are very brief for newbies. Could you please lengthen them a bit from next time? Thank you for the post.

  7. July 25, 2013 at 2:19 pm

    You have made some good points there. I looked on the internet for more information
    about the issue and found most individuals will go along with your views on this site.

  8. August 2, 2013 at 8:39 am

    I have a willing analytical eye just for detail and may anticipate difficulties before these
    people happen.

  1. November 13, 2011 at 8:25 am
  2. April 3, 2013 at 9:56 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: