Can I rename the wp-admin folder?

Is it possible to rename the wp-admin folder?

I know I could just rename it, but unless it’s supported by the code lots of things would break.

If I use a custom folder name, it will make it slightly more secure, security by obscurity and all that.

Solutions Collecting From Web of "Can I rename the wp-admin folder?"

Unfortunately it’s not currently possible nor does there appear to be will to consider it as a modification as you can see by this recent thread on the wp-hackers list and this ticket on trac.

If you’d really like to see this be revisited I’d suggest:

  1. Present your case on wp-hackers but be forewarned your use-case better be good and not “security through obscurity” or it will get shot down as above.

  2. Present your argument in a trac ticket with the same caveats.

  3. Even better, upload a patch to trac that enables your desired functionality. It’s much harder to say no when the work has already been done (but of course, they do have a preference for saying “no” a lot more often than they say “yes” so be forewarned.)

No, you cannot rename the folder. The path is hard-coded in multiple locations throughout WordPress’ source.

Security through obscurity isn’t really security anyway.

An approach that is officially supported by WordPress is to move the WordPress installation files into a sub-directory, while keeping the site in the root, like so:

Site URL:

Admin URL:

While this does not give you complete freedom in changing your admin url, it means you can prefix it with anything you like. This is just as good from a security point of view. It also has the benefit of moving all the WordPress installation files into a location unknown to users, so it should be part of any wordpress hardening strategy.

From the WordPress Codex: Giving WordPress Its Own Directory

Also, note that while this security scheme is called Obscure URL, it is not the same thing as security by obscurity. Obscure URL is a perfectly valid security scheme that is just as good as a password, while security by obscurity relies on using secret unproven procedures.

The same caveats apply though as with passwords: Call the custom folder something like 7nxnkkugrdzm, not happy-snappy-admin. Also, make sure your users are aware the admin url is a secret.

People keep asking this question, but people keep marking it as a duplicate. The chosen answer for this however, really isn’t an answer to the question.

To rename the wordpress admin you need to take two steps.

In the following code I’m using dashboard as the name of my new wp-admin. Change dashboard in the code below to whatever you want to name your new admin.

First you need to tell wordpress you want to change the admin url.

On line 2558 wp-includes/link-template.php is the code that dertermines the admin url.

Using the admin_url filter you can successfully change the url of the admin with the following function:

function my_custom_admin_url($path) { 
    return str_replace('wp-admin', 'dashboard', $path); 
add_filter('admin_url', 'my_custom_admin_url');

You can test to see what your new url is by doing this:

function whats_my_admin_url() {
    $url = admin_url();
    echo '<pre><code>'; print_r( $url ); echo '</code></pre>';
add_action( 'admin_notices', 'whats_my_admin_url' );

However, if you’ll notice when clicking through the admin that not everything works and some of the links may give you 404 not found or something similar.

Second, change the .htaccess in your wordpress root directory and add the following in the begining before anything else.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^dashboard[^/]*$ dashboard/ [R=301,L]
RewriteCond %{QUERY_STRING} (.*)$
RewriteRule ^dashboard(.*)$ wp-admin$1? [QSA,L,NE]
RewriteCond %{QUERY_STRING} (.*)$
RewriteRule ^wp-admin/?$ / [NE,R=404,L]
RewriteCond %{QUERY_STRING} (.*)$
RewriteRule ^wp-admin/(.*)$ dashboard/$1 [QSA,R=301,L,NE]

Now, I’m not an expert when it comes to editing .htaccess so some of this might not be necessary. However, I’ve never found it not to work.

Here’s the whole thing. Create a file and drop in your plugins folder or mu-plugins folder. (remember to change every instance of dashboard to your preferred admin url)

 * Plugin Name: Change My Admin URL
 * Plugin URI:
 * Description: Changes the admin url where wp-admin becomes dashboard (or whatever you change it to)
 * Version: 1.0
 * Author: Bryan Willis
 * Author URI:
 * License: GPL2


<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^dashboard[^/]*$ dashboard/ [R=301,L]
RewriteCond %{QUERY_STRING} (.*)$
RewriteRule ^dashboard(.*)$ wp-admin$1? [QSA,L,NE]
RewriteCond %{QUERY_STRING} (.*)$
RewriteRule ^wp-admin/?$ / [NE,R=404,L]
RewriteCond %{QUERY_STRING} (.*)$
RewriteRule ^wp-admin/(.*)$ dashboard/$1 [QSA,R=301,L,NE]


function my_custom_admin_url($path) { 
    return str_replace('wp-admin', 'dashboard', $path); 
add_filter('admin_url', 'my_custom_admin_url');


I haven’t had any in over a year using this method. You might notice that wp-admin will still work which kind of sucks, but it’s more of a precaution than anything. I had some poorly written plugins that hardcoded wp-admin in some places that wouldn’t load when trying to block or redirect wp-admin. I’m sure there is a way to do this with the htaccess, but I haven’t successfully figured it out. Also, this hasn’t been tested on multisite or anything like that ever.

Update: Alternative Approach

This is pretty similar, but for some reason my above answer didn’t work on every host I tried.

Add to .htaccess

RewriteRule ^admin/(.*) wp-admin/$1?%{QUERY_STRING} [L]

Create a file in mu-plugins folder called new-admin.php and add this there:

define('WP_ADMIN_DIR', 'admin');
defined('SITECOOKIEPATH') || define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_option('siteurl') . '/' ) );

add_filter('site_url',  'wpadmin_filter', 10, 3);
 function wpadmin_filter( $url, $path, $orig_scheme ) {
  $old  = array( "/(wp-admin)/");
  $admin_dir = WP_ADMIN_DIR;
  $new  = array($admin_dir);
  return preg_replace( $old, $new, $url, 1);

Note: This approach seemed to work better on some hosts, but still had the issue of not redirecting wp-admin links to the new admin url. Here’s an approach I tried below. While this below doesn’t work I think it’s on the right track. I’m not totally sure what hook to use. htaccess might be a better alternative but I kept getting redirect loops when I tried that way.

add_action('init', 'redirect_wp_admin_url_to_404');
function redirect_wp_admin_url_to_404(){
  $redirect_to = $_SERVER['REQUEST_URI'];
  if(count($_REQUEST)> 0 && array_key_exists('redirect_to', $_REQUEST)){
    $redirect_to = $_REQUEST['redirect_to'];
    $check_wp_admin = stristr($redirect_to, 'wp-admin');
      wp_safe_redirect( '404.php' );

If you want to keep subscriber-level users from seeing the wp-admin directory, you can create standalone versions of the login/registration and profile/edit pages in their own directories. Then, you can protect your admin folder via htaccess or IP restriction. (Though if you do this, you should make an exception for the admin-ajax file, as some plugins use it to add, um, AJAX functionality).

This approach gives you the “obscurity” you want (which doesn’t really do much, but often makes clients and managers feel better), and also adds some real security by limiting access to the admin. Plus, honestly, a URL that just says “/login” looks a lot nicer than “wp-login.php”.

It should go without saying that this doesn’t make your site bulletproof. But it’s a nice, basic enhancement.

There is actually a very good tutorial on this here:

How to Hide WordPress Info from Your Source Code mirror

Includes how to rename wp-content, rename wp-admin, and remove the generator tag from WordPress.

This tutorial will change obvious evidence or indications of it in your source-code, effectively removing WordPress info from your site.

It explains how to change the folder name, the wp-admin login url, and make sure that login.php redirects to the main site so that people can go there directly.

One way to lock down the administrative control panel is to utilize .htaccess rules. Just add an .htaccess file to the root of the wp-admin directory. After you add this file, just add the following rule to deny all IP addresses and allow only your IP:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
order deny,allow
deny from all
whitelist address
allow from <IP ADDRESS HERE>

If you want to rename the wp-admin with the aim of adding additional layer of security to your WordPress installation, you can also try the Roots / Bedrock WordPress Boilerplate. It can help isolate the web root to limit access to non-web files. It can also help in organizing/securing the whole WordPress core by putting it in its own subdirectory like renaming wp-content/ to app/ as well as these additional features:

  • Dependency management with Composer
  • Easy WordPress configuration with environment specific files
  • Environment variables with Dotenv
  • Autoloader for mu-plugins (use regular plugins as mu-plugins)
  • Enhanced security (separated web root and secure passwords with wp-password-bcrypt)

You can also check their GitHub Repo for a more detailed usage:

Take a look at this may help you out.

No it’s not possible to rename the wp-admin folder with any short of code or htaccess hack,

In the past i done the same for a client by performing a complete folder search via Coda (the editor i use) for the tag “wp-admin, wp-content…etc” and i remove the “wp-” from the files.

After that you will be able to install it but:
You have to do the same with the plugins you want to install,
You have to update the core manually by clearing the “wp-” tag from the new versions.

In all the ways i don’t suggest you to do something like this,
leave it as is and try to implement a User Login/Register/Profile page to give your users/clients a better experience.

Cristian from Cozmolabs have
write a very good tutorial. You can
edit the code a bit and make it run in
any WordPress theme.

You can also add a Post form from the frontend so the Admin and Users with the Capabilities to write a post can do it from the frontend.

Here you can see an example and code
on how to create a Frontend Post page.
Front-End Post Submission

Also you can take a look for some nice plugins here that do the same with more functionality.