Change the default WordPress login page with WP Ghost through WP Ghost > Change Paths > Login Security. Enter a custom name in the Custom Login Path field and save. The default /wp-login.php and /login paths can also be hidden from bots in the same panel, so attackers scanning for WordPress logins get a 404 instead of reaching the login form. WP Ghost does not move, rename, or modify any WordPress file, all changes work through server rewrite rules, which means no impact on SEO or page speed, and deactivating WP Ghost restores defaults instantly.
Why Change the Default Login Page
The /wp-login.php, /wp-login, and /login paths are the first URLs hacker bots check when scanning a site. Bots assume every WordPress site has these paths at their default locations and send automated brute force attempts against them. Changing and hiding these paths is one of the most effective hack prevention steps you can take on WordPress.
How to Change the Login Path with WP Ghost
Step 1. Activate Safe Mode or Ghost Mode
Go to WP Ghost > Change Paths > Level of Security. Select Safe Mode or Ghost Mode. Safe Mode applies essential path changes, Ghost Mode adds advanced path security. Save. See Set Up WP Ghost in Safe Mode in 3 Minutes for the quick-start walkthrough.
Step 2. Set a Custom Login Path
Go to WP Ghost > Change Paths > Login Security. Enter a custom name in the Custom Login Path field (for example, “customlogin” or a unique word you choose). Save.
Choose a name that is not easily guessable. Avoid obvious options like “login”, “signin”, “access”, or “admin-login”, bots are programmed to try common variations. A unique word or combination works best.
Step 3. Hide the Default Login Paths
In the same WP Ghost > Change Paths > Login Security panel:
Switch on Hide “wp-login” to hide the wp-login.php and wp-login paths from non-logged-in visitors. Switch on Hide “login” to also hide the /login path. Save. Once active, requests to any of these default paths return a 404.
Step 4. Save Your New Login URL
Your new login URL is yourdomain.com/your-custom-name. Bookmark it, save it in a password manager, or share it with your team through a secure channel. If you lose this URL and cannot access the admin dashboard, follow the recovery steps in How to Disable WP Ghost in Case of an Error.
Note! No files or directories are physically altered. All changes are implemented through server rewrite rules, ensuring no impact on SEO or loading speed.
Beyond Changing the Login Path
Changing the login path is the foundation of login security. For complete protection, WP Ghost includes several complementary features:
Brute force protection with reCAPTCHA. Even if a bot finds your login URL, reCAPTCHA blocks automated submission attempts. See Brute Force Attack Protection.
Two-Factor Authentication. Add a second verification step so password compromises do not lead to account breaches. See Two-Factor Authentication and Passkey 2FA.
Clean Login Page. Remove the default WordPress branding and customize the login appearance. See Clean Login.
Login Page Design Customization. A full visual customizer for login backgrounds, colors, fonts, and layout. See Login Page Design Customization.
Frequently Asked Questions
What is a good custom login path name?
Anything that is not easily guessable. Avoid obvious names like “login”, “signin”, “access”, “admin”, “wp-login”, or your site name. A unique word, a combination of words, or a random-looking string works well. The goal is to pick something bots will not try.
What happens if someone visits the old /wp-login.php URL?
With the Hide options active, they get a 404 Page Not Found error. If you want a different response (for example, redirect to the homepage or show a 403 Forbidden), you can configure this at WP Ghost > Tweaks > Redirects in the Redirect Hidden Paths option.
Does changing the login path affect other plugins?
In most cases no, because WP Ghost uses rewrite rules rather than file modifications. Plugins that call WordPress’s login functions internally continue working normally. If another security plugin has also customized the login path, review both plugins to ensure only one is handling the custom path, to avoid conflicts.
What if I get locked out after changing the login path?
WP Ghost provides emergency recovery options if you cannot access your custom login path. See How to Disable WP Ghost in Case of an Error for the full recovery procedures.
Can I change the path again later?
Yes. You can update the custom login path at any time at WP Ghost > Change Paths > Login Security. The previous custom path stops working immediately, and the new one activates after you save. Remember to update any bookmarks or team documentation after the change.
Does WP Ghost modify WordPress core files?
No. WP Ghost works through server rewrite rules and WordPress hooks. The login path change is implemented virtually, no WordPress files are moved, renamed, or modified. Deactivating WP Ghost restores the default /wp-login.php instantly.
Read More: Change and Hide Login Path with WP Ghost