Documents / Sentinel Security / Features

Login URL Change

Published: 2026.03.18 Updated: 2026.03.20 As of v1.5.29

Login URL Change

Login URL Change replaces the default WordPress login URL (/wp-login.php) with a custom URL of your choice.

Why Change the Login URL

The WordPress login page is located at the well-known URL /wp-login.php. Attackers use automated tools to launch brute-force attacks against this known endpoint.

Changing the login URL provides the following benefits:

  • Block automated attacks: Bots target /wp-login.php, so changing the URL alone neutralizes many automated attacks
  • Reduce server load: Fewer unwanted requests, saving server resources
  • Reduce attack surface: Make the login page harder to discover

Important Note: Changing the login URL is a form of "security through obscurity" and is not a fundamental security solution on its own. Always combine it with brute-force protection, reCAPTCHA, and other security measures.

Configuration

  1. Navigate to SentinelSecurityLogin SecurityLogin URL Change
  2. Toggle the switch to Enabled
  3. Enter the new slug in the Custom Login URL field (e.g., my-secure-login)
  4. Click Save

Tips for Choosing a URL

Recommended URL examples:

  • /dashboard-access/

  • /team-login/

  • /portal-entry/

URLs to avoid:
  • /admin/ — Too easy to guess

  • /login/ — Too easy to guess

  • /wp-admin/ — Too close to the WordPress default

  • Simple words — May be tried in dictionary attacks

How It Works

Trailing Slash Enforcement

SentinelSecurity enforces a trailing slash.

  • example.com/my-login/ → Displays the login page
  • example.com/my-login → Returns 404 Not Found
This also prevents scanning without the trailing slash.

Access to Default URLs

When Login URL Change is enabled, access to the following URLs will be redirected to the 404 page (theme's 404 template):

  • /wp-login.php
  • /wp-login.php?action=register and all other action parameters

Session Timeout

If your session expires while working in the admin dashboard, you will be automatically redirected to the custom login URL. The WordPress session timeout modal also works correctly with the custom URL.

Recovery If You Forget the URL

Method 1: Disable the Plugin

  1. Connect to the server via FTP/SFTP
  2. Rename the /wp-content/plugins/sentinel-security/ folder (e.g., to sentinel-security-disabled)
  3. Log in using the default /wp-login.php
  4. Rename the folder back and reactivate the plugin
  5. Your settings will be automatically restored

Method 2: Check the Database

Use phpMyAdmin or similar tool to check the sentinel_security_login_settings entry in the wp_options table to find your configured URL.

Notes

  • After changing the login URL, be sure to bookmark the new URL
  • If working in a team, share the new URL with all members
  • Ensure the new login URL is excluded from caching in your CDN or cache plugin settings