By default, the WordPress login URL is https://imzl.com/wp-login.php or https://imzl.com/wp-admin. This means anyone with malicious intent can easily find your site’s login page — a significant security risk. I recall seeing a tutorial on changing the default WordPress login URL a while back, but it looked quite cumbersome, requiring modifications to several files. I searched on Baidu and finally found a method involving the theme’s functions.php file, but after testing it, it didn’t work. So I had no choice but to figure it out myself…

This WordPress tip is actually quite straightforward.

1. Use an FTP client to download wp-login.php from your WordPress root directory to your local machine.

2. Open wp-login.php, find <!DOCTYPE html>, and insert the following code above it:

<?php
    if($_GET["aipsme"]!="nothing"){
   header('Location: https://imzl.com/');
}
   echo '<h1 style="text-align:center;margin-top:30px;">This is the real admin panel!</h1>';
?>

3. Re-upload wp-login.php to your WordPress root directory.

After completing these steps, your admin panel can only be accessed via https://imzl.com/wp-login.php?aipsme=nothing. Any other login URL will redirect to your homepage.

Note: The aipsme and nothing values in the code above can be freely changed to whatever you prefer.

This method can also be combined with the Login LockDown plugin for even better security!

That concludes the tutorial. Compared to the methods out there that require modifying multiple PHP files, this approach is considerably simpler.