Wordpress Themes Review and Tutorials

3 safe steps to change the URL wp-admin folder.

One important step to secure your website with wordpress platform is improve security of your admin page. Almost all wordpess administrators know that file system of wordpress contain wp-admin folder. But, did you ever think your website are not safe? (website in this topic is the wordpress CMS). One disadvantage of wordpress is almost all the wordpress administrator knows the name of wp-admin folder. If there is naughty someone (hacker) wants enter into a wordpress admin pages, definitely the main target is the wp-admin folder. But what would happen if the URL of the wp-admin folder, renamed with another name? Say replaced with name ‘secret-folder’. This will cause the hackers find it hard to get into the admin page of your website.


But how to change the URL of the wp-admin folder ?. You can not directly change the name of wp-admin folder, because it will cause the wordpress system is broken.

Below are 3 safe steps to change the URL of the wp-admin folder:

Step 1, Changing the contents of the .htaccess file

The .htaccess file is a configuration file that resides in a directory and indicates which users or groups of users can be allowed access to the files contained in that directory. And with .htaccess file we can create  mirror urls of the original url. Now, go to the file manager of your website and find the .htaccess file in the root folder of your website. htaccess

Then add the following code above the code # BEGIN WordPress.

#BEGIN create a mirror of wp-admin folder
RewriteEngine on
RewriteBase /
# Creating a mirror URL of wp-admin folder
RewriteRule ^secret-folder/(.*) wp-admin/$1?%{QUERY_STRING} [L]
#END create a mirror of wp-admin folder

You must replace the ‘secret-folder‘ word with another name you want. Do not use this word, because this is just an example.

Step 2, Changing constants  ADMIN_COOKIE_PATH

If you just do the first step and without changing the constants ADMIN_COOKIE_PATH, you would just change the URL of the wp-admin folder but you will never succeed to login and get into the admin page. This happens because Constanta ADMIN_COOKIE_PATH still contains the (SITECOOKIEPATH. ‘Wp-admin’). To change it find the file ‘default-constants.php’ in / wp-includes/default-constants.php. Use a file editor to change the contents.
Find the following code:

if ( !defined('ADMIN_COOKIE_PATH') )
	define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'wp-admin' );

then replace the word ‘wp-admin‘ to ‘secret-folder‘ or to your liking (the word must be same with the word in the .htaccess file).
so it becomes:

if ( !defined('ADMIN_COOKIE_PATH') )
	define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'secret-folder' );

Step 3, Add filter site_url to change all the wp-admin link in the frontpage or the admin page.

Important! If you not do this then all the links to the wp-admin folder will be rejected and redirected to the login page. For example the edit link to post and edit comments no longer works again. So this is an important step.
Now, open the functions.php on the current theme. Add the following code:

add_filter('site_url',  'wpadmin_filter', 10, 3);
function wpadmin_filter( $url, $path, $orig_scheme ) {
	$old  = array( "/(wp-admin)/");
	$new  = array( "secret-folder");
	return preg_replace( $old, $new, $url, 1);
}<br /><br />

Save and close all files. Finish. Now you can enter to your admin page with new URL ‘’ :) .
My advice is you must be careful in changing content of .htaccess file. If there are errors you will get server errors. For that you must be do it correctly.

Are you have any questions related to this tutorial? Please don’t hesitate ask to us relevant questions.  We will very pleasure to give you an answer  as soon as possible. Thank you.

Note: we only monitor your question in this place. If you ask your question anywhere else, we do not guarantee you will get an answer from us. Currently we are in the process of transfer all comment to the Disqus comment system. So may be some old questions have not been fully imported. We hope you can understand. Thank you very much.

  • Zaidan

    Nice trick! I’ll try it. Thanks for share! :D

    • Dalih

      Your welcome. :D

  • Shelley

    I’ve followed these instructions by the letter. When I go to my ‘secret folder” URL, I get the 404 page. I was case sensitive. I’m using WP 3.2.1. What am I doing wrong?

    • Dalih

      I am also using wp 3.2.1, and it works fine here. problems may occur when editing the file htacsess. Please careful in using uppercase and lowercase letters. It would be better if you simply copy the code above, then edit it.

      • tamer

        by the way i can acess both the folder name as wp-admin and secret-folder

        • Andy

          Thanks for the Tute.
          Haven’t try yet, but jut by looking at the code, people seems still be able to enter the admin area by “wp-admin” as well as the secret-folder.

  • Gadgetszu

    Hi Dalih it’s good to read this security trick…i have a question that will it create any problem for my blog?

  • ??•??

    Step 3, Add filter site_url to change all the wp-admin link in the frontpage or the admin page.   
    How empty????

    • Dalih

      Thanks for your feedback, I’ve fixed it.

      • Amira

        Wow.. this is an awesome trick to have. I will try it next time once i am done with my business. Thanks for share! :)

  • tamer

    do we have to change (the folder that wp-admin) name to as secret-folder or jsut leave the same

  • Bel

    I tried this, and it didn’t work and the main site stopped working completely. A blank will just show up upon typing any url related to the site. I’ve since replaced back the three original files, but now the whole site is still gone. *sigh* 

    • Dalih

      I’m using wordpress 3.2.1 and I’ve tried and it works well. Please check again the steps above, may be there are exceeded.

    • prettyone

      How do I change the url if the wordpress is in a subfolder like
      for instance… I want to change

  • Ryan

    I’ve completed this but am having troubles with Safari and Firefox 3.6. I’m guessing they both aren’t taking the updated cookie path somehow… ? they redirect you to the login page, after trying to get to the internal page.

  • Udin

    I have error guys.. after changing the .htaccess
    I cannot access my blog.. because the error is
    Internal Server Error

  • Pali Madra

    Thank you for the tutorial.

    I was looking at other websites for instructions on changing the admin URL but most of the sites advocate the usage of the first step. According to your post this is not enough and I agree with your take.

    Does this mean that following instructions on other websites would only complete some part of the job?


    • Dalih

      Yes, you are right. :D

      • prettyone

        How is this done for multisites?

        • Dalih

          Sorry but I have not tried for the multisite

  • mia

    This solution only mirrors I am now able to login in using “/wp-login” and also “/secret-folder” which does not help. 

    How could I change the folder name “wp-admin” safely ? or this this now possible now the changes have been made?

Copyright ©2013 dalih all rights reserved. sitemap about blog contact