Beginner users interacting with WordPress go through a hard time logging in to their accounts. In this article, I'll explain how to find your WordPress login URL and a few other essential things that need to be highlighted regarding the login process.

Let'southward kickoff from the beginning.

Prefer to lookout man the video version?

Importance of the WordPress Login

Afterward installing WordPress, you'll gain access to your website'south admin dashboard, where you have the opportunity to set your site equally you need and change a few things.

This would be incommunicable if you had no access to the admin pages. The login page is what keeps y'all—and others—from accessing the management "side" of your WordPress site.

It is about impossible to take full command of your site/blog if you have no access to the admin expanse.

But where is this WordPress login folio located?


How to Discover the WordPress Login URL

Finding the WordPress login page is probably more straightforward than you lot'd expect. On a fresh WordPress installation, adding /admin/ (eastward.g.: www.yourawesomesite.com/admin/) or /login/ (e.one thousand.: www.yourawesomesite.com/login/) at the end of your website's URL will redirect you to the login page.

Usually, these two should directly take you to your WordPress login page. In case this doesn't happen, at that place is an additional way to reach your login page: y'all can add /wp-login.php at the end of the URL, like in this example: www.awesomesite.com/wp-login.php.

How to Find the WordPress Login URL on a Subdirectory or Subdomain

All of this works for a standard and new WordPress installation. But there's a risk you might have installed WordPress on a subdirectory of your domain such as world wide web.yourawesomesite.com/wordpress/ or a WordPress subdomain such equally web log.yourawesomesite.com/.

If that's the instance, you'll demand to append one of the aforementioned paths right after the subdirectory or subdomain'due south closing slash, i.e. the / symbol, to get something like this:

  • www.awesomesite.com/wordpress/login/ or
  • www.awesomesite.com/wordpress/wp-login.php

No matter which one you're using, whatever of them should have you lot to your WordPress login page. If you don't desire to forget about it, bookmark your preferred URL.

Alternatively, at that place is a "Think Me" pick in the WordPress login grade, which will let you to stay logged in and achieve the admin dashboard for a few days without the need to log in again (based on how your cookies are set):

The "remember me" option on WordPress login form
The "remember me" option on the WordPress login form

Logging in via the WordPress login page is a crucial even so easy task to practise. If nada wrong and/or malicious is happening on your site, you'll demand your email address/username and your password.

That's all. Unfortunately, bad guys are everywhere, and your site could become a target.

What tin can you practise to discourage them, then?

Let'south move the login page at least!

Where the heck is the #WordPress login folio? 😤Follow these tips to easily observe your login URL and ameliorate your security at the same time! Click to Tweet

How to Change the WordPress Login Folio

Your login page shouldn't be accessible to hackers and malicious attackers (aka the bad guys) because they might get access to your site'south admin page and starting time messing things upward. Not a good feel to have, trust me!

While using a strong, unique, long password can really play in your favor for preventing unauthorized access to your site, there's never enough things you lot could do when security is at stake.

Ane quick and effective fashion to keep the bad guys out is to move the WordPress login page to a new unique URL. Changing the login URL through which you and your users tin can admission your WordPress site could really assistance when it comes to fighting random attacks, hacks, and beast force attacks.

1 word most brute force attacks: brute force attacks are hacking attempts where the malicious bailiwick tries to guess your username and password repeatedly, exploiting lists of mutual usernames and passwords that take leaked on the web. What they do is try thousands of combinations taking advantage of scripts that automate all of their attempts.

There is a high risk that either your WordPress countersign or username might exist on one of these leaked lists in today's earth. If you lot add together that WordPress login standard URL is something publicly known to this scenario, well, yous'll get how easy information technology is to gain access to your WordPress site for hackers and malicious attackers.

That's why moving the WordPress login page to a different path tin can help you.

Change Your WordPress Login Page with a Plugin

The most common and probably easiest mode to alter your WordPress login URL page is past using a free plugin similar WPS Hide Login, which more than 800k users actively use.

The plugin is very lightweight, and more than chiefly, it doesn't change whatever files in core or add together rewrite rules. It simply intercepts requests. Information technology's also compatible with BuddyPress, bbPress, Limit Login Attempts, and User Switching plugins.

WPS Hide Login plugin
WPS Hide Login plugin

One time downloaded and activated, all you need to do is:

  1. Click on WPS Hide Login from the Settings tab in your right-hand sidebar.
  2. Add together your new Login URL path in the Login URL field.
  3. Add a specific redirect URL in the Redirection URL. This page will trigger when someone tries to access the standard wp-login.php folio and wp-admin directory while non logged in.
  4. Hit Save Changes.
WPS Hide Login plugin
WPS Hibernate Login plugin

An alternative premium plugin yous can apply to change your login URL is Perfmatters, developed by one of the squad members at Kinsta.

As changing your WordPress login URL can assistance to ward off the shallow attackers from accessing your site, I desire to exist articulate here: expert and professionals hackers could potentially still become the extra mile and figure out your login page anyhow.

And so, why should yous care? Well, security is a layers game, where the quality of your hosting plays a key role. the more than tools, tricks, walls you have in place, the harder it'll exist for the bad guys to interruption into your site and gain control.

Irresolute your login URL can too help prevent common WordPress errors like "429 As well Many Requests." This is typically generated by the server when the user has sent too many requests in a given amount of fourth dimension (rate-limiting). This can exist acquired by bots or scripts hit your login URL. The terminate-user rarely causes this error.

429 too many requests
429 too many requests

Change Your WordPress Login Page Editing Your .htaccess File

Other more technical ways to change or hide the WordPress login page URL is by editing your .htaccess file.

Typically used with cPanel hosts, the .htaccess file'due south master function is to configure rules and gear up upwardly system-broad settings. Since we're talking near hiding the login page, .htaccess can handle that in ii specific ways.

The first i is about password-protecting your login page with a .htpasswd so that anyone reaching your login page will be required to put in a password earlier accessing the login folio. If yous're a Kinsta client, nosotros use Nginx, and therefore there is no .htaccess file.

Y'all can use our htpasswd tool to password protect your unabridged site. Or reach out to our support team to lock down only your login page.

.htpasswd authentication prompt
.htpasswd authentication prompt

The 2d selection you have is enabling admission to your login page based on a list of trusted IP addresses.

Limiting Login Attempts

Some other effective security method is to limit the number of login attempts. If you lot're a Kinsta client, we automatically ban IPs with more than six failed login attempts in a minute.

Or you can download a free plugin such every bit Limit Login Attempts Reloaded.

Limit login attempts reloaded
Limit login attempts reloaded

The options in the plugin are pretty straightforward.

Subscribe Now

  • Total Lockouts: gives you the number of hackers who tried to intermission in, simply failed.
  • Allowed Retries: the number of attempts an IP address is allowed to make earlier you lock them out.

Somewhere betwixt four and six is probably the most popular retry amount. Information technology allows real humans who are supposed to have access to make mistakes (because, after all, we all do brand mistakes when inbound passwords), realize they're entering the wrong password, and fix their mistake.

It's important to set information technology to the in a higher place two points, specially if you take frequent invitee bloggers or several contributing staff members responsible for managing your site.

  • Minutes lockout: how long an IP address will be locked out.

Yous might similar to set it to "forever," but that's not helpful for people who really do make a genuine error — you want those to be able to let themselves back in eventually. 20-30 minutes is about right.

  • Lockouts increase: because if it'south a Brute Force Attack, it's probable to be dorsum.

This role basically says "look," I've seen yous lock yourself out several times before, and then now I'm going to lock you lot out for longer." 1 day is a good ane to go with.

  • Hours until retries: how long until it resets everything and lets people try again.

The plugin also lets you manage your whitelist, blacklist, and trusted IPs.

How to Fix the Virtually Common Issues with the WordPress Login

Logging into your WordPress site is a quick and easy job. Yet some users— and you?—might accept experienced some bug when trying to access their WordPress site. Such bug usually autumn under ane of the following scenarios:

  • Issues related to the password
  • Problems related to cookies

Let's have a await at both and run into how to address them!

WordPress Login: Password Lost/Forgot

If you're unable to log in, you might have a trouble with your login credentials.

Then, the very starting time thing you lot should do is check whether the username and password entries you lot're typing in are actually correct. Information technology's a common fault made past virtually of us, though rarely.

Did it work? If not, you might want to change your WordPress password before trying something else. To do so, click the Lost your password? link right beneath the login class:

Lost your password option
"Lost your password" link

Y'all will be redirected to a page where you lot will be asked your username/email, and a new countersign will be sent to you lot:

How to get a new WordPress password
How to get a new WordPress password

Manually Reset WordPress Password with phpMyAdmin

If this does not work, things will go a flake more than complicated as y'all'll need to behave a manual password reset. Please don't exercise this if you don't feel comfortable working with database files.

Manually resetting your WordPress login password tin exist done by editing the countersign file on your database. If you accept access to phpMyAdmin in your host, this shouldn't exist hard.

Always backup your site before doing whatever edits to database files in case something goes wrong.

Washed? Cracking!

Step 1

Now, log in to phpMyAdmin. If y'all're a Kinsta customer, you can find the login link to phpMyAdmin within the MyKinsta dashboard.

Login to phpmyadmin
Login to phpMyAdmin

Step 2

On the left-hand side, click into your database. So click on the table named wp_users. And then click on "Edit" adjacent to the user login y'all need to reset.

Edit user in PhpMyAdmin
Edit user in phpMyAdmin

Step 3

In the user_pass cavalcade, enter in a new password (information technology is case-sensitive). In the Part drop-downward menu, select MD5. So click "Go."

Reset password in PhpMyAdmin
Reset password in phpMyAdmin

Step 4

Test the new countersign on your login screen.

Manually Reset WordPress Password with WP-CLI

Another way to reset your WordPress password is past using WP-CLI. WP-CLI is a control-line tool for developers to manage common tasks (and non so common) of a WordPress installation.

Step 1

First, use the post-obit command to list all of the current users in the WordPress installation.

$ wp user list

Footstep 2

And then update the user password with the following command, user ID, and new desired password.

$ wp user update ane --user_pass=strongpasswordgoeshere

Step 3

Test the new password on your login screen.

WordPress Login: Cookies

In some instances, you might not be able to log in due to issues related to cookies. If and so, you are usually met with the following error:

Error: Cookies are blocked or not supported by your browser. Yous must enable cookies to use WordPress.

Cookies are blocked or not supported error
Cookies are blocked or not supported mistake

WordPress login relies on cookies to piece of work. If they are disabled or not working correctly, chances are y'all will take problems on the login page. The start affair to bank check is that cookies are enabled in your browser:

  • Cookies in Google Chrome
  • Cookies in Mozilla Firefox
  • Cookies in Internet Explorer
  • Cookies in Safari

We often run across this on WordPress sites that have recently been migrated and on WordPress Multisite sites. Sometimes simply refreshing your browser and trying to login again will actually go you by this error. Yous could also try clearing your browser cache or open a different browser in incognito mode.

If none of the above worked, you tin can try adding the line beneath to your wp-config.php file, correct earlier /* That'southward all, terminate editing!...*/ 

define('COOKIE_DOMAIN', faux);

If it's a WordPress multisite setup, you might desire to check and come across if in that location is a sunrise.php file in the /wp-content/ folder and renamed information technology to sunrise.php.disabled.  This is a file used by an older domain mapping method.

As of WordPress 4.five, WordPress Multisite no longer requires a plugin to map domains. If you're a Kinsta client and unsure about this, please reach out to our support team and ask for aid.

Summary

Your WordPress login page is the gateway that grants you access to your site. If y'all aren't able to log in successfully, you're just a site visitor.

That's why you should acquire how to reach this cardinal folio and then that you won't waste lots of fourth dimension every time you lot demand to log in to your WordPress site.

Desire to improve your security a scrap? Change the standard WordPress login URL with a custom one of your choice and share that URL only with trusted people! Likewise, brand certain to check this guide if WordPress keeps logging you out.

(Suggested reading: How to Change Your WordPress URL)

Save fourth dimension, costs and maximize site performance with:

  • Instant aid from WordPress hosting experts, 24/7.
  • Cloudflare Enterprise integration.
  • Global audience reach with 29 data centers worldwide.
  • Optimization with our built-in Awarding Performance Monitoring.

All of that and much more than, in 1 plan with no long-term contracts, assisted migrations, and a thirty-twenty-four hours-money-dorsum-guarantee. Cheque out our plans or talk to sales to discover the plan that's right for you.