更改Wordpress管理员URL

Question

I changed my Wordpress directory structure quite a bit. Here's what I have:

define('WP_SITEURL', 'http://' . $_SERVER['SERVER_NAME'] . '/wordpress');
define('WP_HOME',    'http://' . $_SERVER['SERVER_NAME']);
define('WP_CONTENT_DIR', dirname(__FILE__) . '/content');
define('WP_CONTENT_URL', 'http://' . $_SERVER['SERVER_NAME'] . '/content');

So I have a content directory which contains my Plugins and Themes. And then I have a wordpress directory which contains the core WP files, minus the wp-content folder.

With this new structure, I have to access the WP backend with this URL: http://site.dev/wordpress/wp-admin

Is there a way I can change it so I can just access it like so: http://site.dev/wp-admin

I don't want wordpress to be in the URL. Would this be an htaccess update I need to make, or is there a setting I can use in my wp-config.php file?

Answer 1

Here's an article from wordpress's site.

http://wordpress.org/support/topic/how-to-change-the-admin-url-or-wp-admin-to-secure-login

1. Add constant to wp-config.php

    define('WP_ADMIN_DIR', 'secret-folder'); define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . WP_ADMIN_DIR); 

2. Add below filter to functions.php

    add_filter('site_url', 'wpadmin_filter', 10, 3); function wpadmin_filter( $url, $path, $orig_scheme ) { $old = array( "/(wp-admin)/"); $admin_dir = WP_ADMIN_DIR; $new = array($admin_dir); return preg_replace( $old, $new, $url, 1); } 

3. Add below line to .htaccess file

    RewriteRule ^secret-folder/(.*) wp-admin/$1?%{QUERY_STRING} [L] 

Answer 2

I played around with this and there is a much simpler way to do this all in this one simple function below without having to muck around with anything else (create unnecessary folders, redirects, pages, etc.).

// Simple Query String Login page protection
function example_simple_query_string_protection_for_login_page() {

$QS = '?mySecretString=foobar';
$theRequest = 'http://' . $_SERVER['SERVER_NAME'] . '/' . 'wp-login.php' . '?'. $_SERVER['QUERY_STRING'];

// these are for testing
// echo $theRequest . '<br>';
// echo site_url('/wp-login.php').$QS.'<br>';   

    if ( site_url('/wp-login.php').$QS == $theRequest ) {
        echo 'Query string matches';
    } else {
        header( 'Location: http://' . $_SERVER['SERVER_NAME'] . '/' );
    }
}
add_action('login_head', 'example_simple_query_string_protection_for_login_page');

Answer 3

This is very helpful topic. I made some little correction in the function and this is my version:

add_filter('site_url',  'wpadmin_filter', 10, 3);

 function wpadmin_filter( $url, $path, $orig_scheme ) {
    $request_url = $_SERVER['REQUEST_URI'];

    $check_wp_admin = stristr($request_url, 'wp-admin');
    if($check_wp_admin){
        wp_redirect( home_url( '404' ), 302 );
        exit();
    }

    $old  = array( "/(wp-admin)/");
    $admin_dir = WP_ADMIN_DIR;
    $new  = array($admin_dir);
    return preg_replace( $old, $new, $url, 1);
 }

Mainly for redirecting of wp-admin .

And most important part:

add_rewrite_rule( '^' . 'backend/(.*)','wp-admin/$1?%{QUERY_STRING}' );

To updates .htaccess rule.

Answer 4

All I did was moved /wp-admin folder ( inside of public_html/wordpress ) into public_html and I double checked to make sure it was going to work by renaming my WordPress folder ( I used wordpress_test , you can use anything ) and went to my site example.com/wp-admin - it worked just the same as if I went to example.com/wordpress/wp-admin .

The only thing which is quite tricky is changing the wp-admin to something else , due to the fact the WP had coded the wp-admin throughout numerous files. Just simply changing the name causes php and other errors. Simple plugin I find will fix that easily.

Note : I didn't have to make any coding to do this. I had to change some code around for the wp-admin , because the plugin didn't do what I wanted.

Answer 5

There is one other way that will ensure quite better tactic to your secured wp-admin.

As well having own wp-admin name as perhaps: "worksersneeded/"

I did it to one of my sites, ended up in miracle where the probed SSL site was displaying different towards my site from different geo locations.

You will have to download a tool called Notepad ++: https://notepad-plus-plus.org/download/

Unless you will be doing to much work on each of the files in the directory.

After then you need to extract the WordPress into a folder.

Then edit all files in the directory while searching after wp-admin. Then replace all the files with your the name: "workersneeded" or your own name.

Like in notepad enter "search in files" to "find what": wp-admin/

And in "replace with": workersneeded/

Then replace all files.

You need to put into wp-config.php this line as well to monitor all problems:

ini_set('log_errors',TRUE);
ini_set('error_reporting', E_ALL);
ini_set('error_log', dirname(__FILE__) . '/error_log.txt');

After you overwritten most in the WordPress directory and your wp-admin has now the name "workersneeded" you will most likely encounter slight problems with some of your WordPress plugins or themes.

That is why you will need to log them into the error_log.txt file.

After finding the errors in the file. You will most likely need to edit the .php file which still tries to connect to wp-admin. That way you can replace the file information of wp-admin to your administration folder.

You can again download your plugins and replace the same procedure as above with notepad++. That way you can make all plugins available with the new folder name.

Then upload the folder of each plugin into your wp-content directory with wp file manager plugin.

Be aware that your WordPress can't be auto-updated or updated doing so, even doing re-installation of your WordPress. You will have to do these replacements each time.

This was done with 4.9.8 version of WordPress as well as the newest 5.0.3

With 5.0.3 you get more errors into the error_log.txt file. Unknown why.

Answer 6

Finally found a way to do it without a plugin AND WITHOUT MODIFYING WP CORE (all tutorials suggests to do so for some weird reason).

1- Copy wp-login.php and rename it to new-secret-url.php (on your root directory)

2- Open new-secret-url.php file and perform a search/replace of wp-login.php to new-secret-url.php

3- Add the following code to your functions.php:

/** Hide default login */
add_action( 'init', 'marounmelhem_hide_login' );
function marounmelhem_hide_login() {

    //Only proceed for guests
    if ( ! is_user_logged_in() ) {

        //Getting current page
        $current_url   = str_replace( '/', '', $_SERVER['REQUEST_URI'] );
        $hiddenWpAdmin = 'new-secret-url'; //Change this to your new secret wp-admin url
        $redirectNaTo  = '/';

        //Checking if accessing correct login url
        if ( $current_url == $hiddenWpAdmin ) {
            wp_redirect( '/'.$hiddenWpAdmin.'.php' );
            exit;
        }

        //Only allow requests to wp-login.php coming from correct login url
        $adminToCheck = [
            'wp-admin',
            'wp-login.php'
        ];
        if (
            in_array( $current_url, $adminToCheck )
            &&
            $_GET['action'] !== "logout"
        ) {
            wp_redirect( $redirectNaTo );
            exit();
        }
    }
}

4- This only works if you're not using any other frontend login forms, if you do, you can change:

is_user_logged_in() to possibly !current_user_can( 'subscriber' ) (or the role given in the frontend login logic)

5- Not sure if ajax calls works with the above, please let me know if you've tried it