Beginner users interacting with WordPress go through a hard time logging in to their accounts. In this article, I'll explicate how to find your WordPress login URL and a few other essential things that need to exist highlighted regarding the login process.

Let'southward first from the beginning.

Prefer to watch the video version?

Importance of the WordPress Login

Afterward installing WordPress, you'll gain access to your website's admin dashboard, where you accept the opportunity to set upwardly your site as you need and alter a few things.

This would be incommunicable if yous had no access to the admin pages. The login page is what keeps you—and others—from accessing the direction "side" of your WordPress site.

Information technology is most impossible to take full control of your site/web log if you take no access to the admin area.

But where is this WordPress login page located?


How to Find the WordPress Login URL

Finding the WordPress login page is probably more straightforward than you'd expect. On a fresh WordPress installation, adding /admin/ (e.g.: www.yourawesomesite.com/admin/) or /login/ (due east.thou.: world wide web.yourawesomesite.com/login/) at the end of your website'due south URL volition redirect you lot to the login folio.

Usually, these two should direct accept you to your WordPress login folio. In example this doesn't happen, there is an additional fashion to reach your login page: you can add /wp-login.php at the cease of the URL, like in this instance: www.awesomesite.com/wp-login.php.

How to Observe the WordPress Login URL on a Subdirectory or Subdomain

All of this works for a standard and new WordPress installation. But there's a gamble you might accept installed WordPress on a subdirectory of your domain such as www.yourawesomesite.com/wordpress/ or a WordPress subdomain such every bit blog.yourawesomesite.com/.

If that's the case, you'll demand to append one of the same paths right later the subdirectory or subdomain's closing slash, i.e. the / symbol, to get something like this:

  • www.awesomesite.com/wordpress/login/ or
  • www.awesomesite.com/wordpress/wp-login.php

No matter which one yous're using, any of them should take yous to your WordPress login page. If you don't want to forget well-nigh information technology, bookmark your preferred URL.

Alternatively, there is a "Remember Me" option in the WordPress login class, which will allow you lot to stay logged in and reach the admin dashboard for a few days without the need to log in again (based on how your cookies are set):

The "remember me" option on WordPress login form
The "call up me" option on the WordPress login course

Logging in via the WordPress login page is a crucial yet like shooting fish in a barrel chore to do. If nothing incorrect and/or malicious is happening on your site, you'll need your email address/username and your countersign.

That'due south all. Unfortunately, bad guys are everywhere, and your site could go a target.

What can yous practice to discourage them, so?

Let's move the login page at to the lowest degree!

Where the heck is the #WordPress login page? 😤Follow these tips to easily detect your login URL and improve your security at the same time! Click to Tweet

How to Alter the WordPress Login Page

Your login folio shouldn't be accessible to hackers and malicious attackers (aka the bad guys) considering they might become admission to your site'due south admin page and start messing things up. Not a skillful experience to have, trust me!

While using a strong, unique, long countersign can really play in your favor for preventing unauthorized access to your site, there's never enough things yous could practise when security is at pale.

One quick and effective fashion to keep the bad guys out is to move the WordPress login folio to a new unique URL. Changing the login URL through which yous and your users can access your WordPress site could really help when information technology comes to fighting random attacks, hacks, and brute forcefulness attacks.

Ane discussion most animal strength attacks: animate being strength attacks are hacking attempts where the malicious discipline tries to guess your username and password repeatedly, exploiting lists of common usernames and passwords that have leaked on the web. What they practice is endeavor thousands of combinations taking advantage of scripts that automate all of their attempts.

In that location is a loftier take a chance that either your WordPress password or username might be on one of these leaked lists in today's world. If y'all add that WordPress login standard URL is something publicly known to this scenario, well, you'll go how like shooting fish in a barrel it is to gain access to your WordPress site for hackers and malicious attackers.

That's why moving the WordPress login page to a different path can help you.

Change Your WordPress Login Page with a Plugin

The most common and probably easiest way to change your WordPress login URL page is by using a free plugin like WPS Hibernate Login, which more than 800k users actively employ.

The plugin is very lightweight, and more chiefly, it doesn't change any files in core or add rewrite rules. It simply intercepts requests. It's also uniform with BuddyPress, bbPress, Limit Login Attempts, and User Switching plugins.

WPS Hide Login plugin
WPS Hide Login plugin

Once downloaded and activated, all you need to do is:

  1. Click on WPS Hide Login from the Settings tab in your right-paw sidebar.
  2. Add your new Login URL path in the Login URL field.
  3. Add a specific redirect URL in the Redirection URL. This page will trigger when someone tries to access the standard wp-login.php page and wp-admin directory while not logged in.
  4. Hit Relieve Changes.
WPS Hide Login plugin
WPS Hide Login plugin

An alternative premium plugin yous can use to alter your login URL is Perfmatters, developed by one of the team members at Kinsta.

As changing your WordPress login URL can aid to ward off the shallow attackers from accessing your site, I want to be articulate hither: adept and professionals hackers could potentially still go the actress mile and figure out your login folio anyway.

And so, why should you intendance? Well, security is a layers game, where the quality of your hosting plays a fundamental role. the more tools, tricks, walls y'all accept in place, the harder it'll exist for the bad guys to suspension into your site and gain control.

Changing your login URL can also help forbid mutual WordPress errors like "429 Likewise Many Requests." This is typically generated by the server when the user has sent too many requests in a given amount of fourth dimension (charge per unit-limiting). This can exist caused by bots or scripts hit your login URL. The end-user rarely causes this error.

429 too many requests
429 too many requests

Alter Your WordPress Login Page Editing Your .htaccess File

Other more technical ways to change or hide the WordPress login page URL is by editing your .htaccess file.

Typically used with cPanel hosts, the .htaccess file's main part is to configure rules and prepare system-wide settings. Since we're talking almost hiding the login folio, .htaccess tin handle that in 2 specific ways.

The commencement ane is about password-protecting your login folio with a .htpasswd so that anyone reaching your login page will exist required to put in a password before accessing the login page. If you're a Kinsta client, we use Nginx, and therefore there is no .htaccess file.

Yous can use our htpasswd tool to countersign protect your unabridged site. Or reach out to our back up team to lock down just your login page.

.htpasswd authentication prompt
.htpasswd hallmark prompt

The 2d option you lot have is enabling access to your login folio based on a listing of trusted IP addresses.

Limiting Login Attempts

Some other constructive security method is to limit the number of login attempts. If you lot're a Kinsta client, we automatically ban IPs with more than than 6 failed login attempts in a infinitesimal.

Or you can download a complimentary plugin such as Limit Login Attempts Reloaded.

Limit login attempts reloaded
Limit login attempts reloaded

The options in the plugin are pretty straightforward.

Subscribe Now

  • Total Lockouts: gives you lot the number of hackers who tried to break in, just failed.
  • Allowed Retries: the number of attempts an IP address is allowed to make before you lock them out.

Somewhere between four and six is probably the most popular retry amount. It allows real humans who are supposed to accept access to make mistakes (because, afterward all, we all do make mistakes when entering passwords), realize they're inbound the wrong password, and prepare their error.

Information technology's of import to fix it to the higher up ii points, particularly if you take frequent invitee bloggers or several contributing staff members responsible for managing your site.

  • Minutes lockout: how long an IP address will be locked out.

You might like to ready it to "forever," but that's not helpful for people who really practice make a genuine error — you desire those to be able to let themselves back in eventually. 20-30 minutes is virtually right.

  • Lockouts increase: considering if information technology's a Brute Strength Attack, it's probable to be back.

This function basically says "await," I've seen you lock yourself out several times before, then at present I'k going to lock you out for longer." Ane twenty-four hours is a good ane to go with.

  • Hours until retries: how long until it resets everything and lets people try again.

The plugin besides lets yous manage your whitelist, blacklist, and trusted IPs.

How to Fix the Nigh Common Issues with the WordPress Login

Logging into your WordPress site is a quick and easy job. Yet some users— and you lot?—might accept experienced some problems when trying to access their WordPress site. Such issues normally fall under ane of the post-obit scenarios:

  • Issues related to the password
  • Problems related to cookies

Let'southward accept a look at both and see how to address them!

WordPress Login: Password Lost/Forgot

If you're unable to log in, you might have a problem with your login credentials.

So, the very offset thing y'all should do is check whether the username and password entries you're typing in are really right. It'southward a common mistake made past most of us, though rarely.

Did it piece of work? If not, you lot might desire to alter your WordPress password earlier trying something else. To practice so, click the Lost your countersign? link correct below the login form:

Lost your password option
"Lost your password" link

You volition be redirected to a folio where you will exist asked your username/email, and a new countersign will be sent to you:

How to get a new WordPress password
How to get a new WordPress password

Manually Reset WordPress Password with phpMyAdmin

If this does not work, things will get a fleck more than complicated as you'll need to comport a manual password reset. Please don't do this if you don't feel comfortable working with database files.

Manually resetting your WordPress login countersign can be done past editing the password file on your database. If you accept access to phpMyAdmin in your host, this shouldn't be difficult.

E'er backup your site earlier doing any edits to database files in example something goes wrong.

Washed? Groovy!

Footstep i

Now, log in to phpMyAdmin. If you're a Kinsta client, you tin detect the login link to phpMyAdmin within the MyKinsta dashboard.

Login to phpmyadmin
Login to phpMyAdmin

Step 2

On the left-hand side, click into your database. So click on the table named wp_users. Then click on "Edit" next to the user login y'all need to reset.

Edit user in PhpMyAdmin
Edit user in phpMyAdmin

Stride 3

In the user_pass column, enter in a new password (information technology is case-sensitive). In the Function drib-downwardly menu, select MD5. Then click "Go."

Reset password in PhpMyAdmin
Reset password in phpMyAdmin

Step four

Examination the new password on your login screen.

Manually Reset WordPress Password with WP-CLI

Another mode to reset your WordPress password is by using WP-CLI. WP-CLI is a control-line tool for developers to manage common tasks (and non so common) of a WordPress installation.

Step 1

First, employ the following control to list all of the current users in the WordPress installation.

$ wp user listing

Pace 2

And then update the user password with the following command, user ID, and new desired password.

$ wp user update i --user_pass=strongpasswordgoeshere

Step iii

Test the new password on your login screen.

WordPress Login: Cookies

In some instances, you might non exist able to log in due to bug related to cookies. If so, y'all are ordinarily met with the following error:

Error: Cookies are blocked or not supported by your browser. You must enable cookies to apply WordPress.

Cookies are blocked or not supported error
Cookies are blocked or not supported error

WordPress login relies on cookies to piece of work. If they are disabled or not working correctly, chances are you lot will take problems on the login page. The kickoff affair to bank check is that cookies are enabled in your browser:

  • Cookies in Google Chrome
  • Cookies in Mozilla Firefox
  • Cookies in Net Explorer
  • Cookies in Safari

We frequently run across this on WordPress sites that take recently been migrated and on WordPress Multisite sites. Sometimes only refreshing your browser and trying to login again volition actually get you past this error. You could also try clearing your browser enshroud or open up a unlike browser in incognito mode.

If none of the higher up worked, you can endeavour adding the line below to your wp-config.php file, correct earlier /* That's all, cease editing!...*/ 

define('COOKIE_DOMAIN', simulated);

If information technology's a WordPress multisite setup, you might want to check and see if at that place is a sunrise.php file in the /wp-content/ folder and renamed information technology to sunrise.php.disabled.  This is a file used by an older domain mapping method.

Equally of WordPress 4.five, WordPress Multisite no longer requires a plugin to map domains. If you're a Kinsta client and unsure about this, please reach out to our support team and ask for help.

Summary

Your WordPress login page is the gateway that grants you access to your site. If you aren't able to log in successfully, you're but a site visitor.

That's why you should acquire how to reach this cardinal page so that you lot won't waste product lots of time every fourth dimension you need to log in to your WordPress site.

Want to improve your security a bit? Change the standard WordPress login URL with a custom one of your choice and share that URL only with trusted people! Also, brand sure to check this guide if WordPress keeps logging yous out.

(Suggested reading: How to Change Your WordPress URL)

Salve time, costs and maximize site performance with:

  • Instant help from WordPress hosting experts, 24/vii.
  • Cloudflare Enterprise integration.
  • Global audience attain with 29 data centers worldwide.
  • Optimization with our built-in Awarding Functioning Monitoring.

All of that and much more, in 1 program with no long-term contracts, assisted migrations, and a 30-day-coin-back-guarantee. Check out our plans or talk to sales to find the plan that's right for you.