How To Stop Spam Registrations In WordPress By Changing Login Path?

Are you sick and tired of constantly trying to stop spam registrations in WordPress? Do you receive hundreds of invalid user registrations per day and have to delete 1000’s of these every week?

Well, you are not the only one. Some people just don’t have better things to do. They use bots in order to gain access to your site. They hope webmaster forgot/made a mistake and left ticked option that new user gets admin role.

That is the main reason. But whatever their reason are, they are very annoying. Spam registrations, comments, trying to gain access to site, etc.


Stop Spam Registrations In WordPress

User registration spam is becoming an important concern for many of the WordPress site owners. If your WordPress site is set to allow user registration, then it’s probably vulnerable to user registration spam from spam-bots.

But even if your site doesn’t allow user registration, you will still get spam registrations. More and more as site becomes popular.


Stop Spam Registrations In WordPress Changing Login Path


Here is example of constant spam registrations before changing login path


The spam accounts usually can’t cause much threat to your blog as long as you give only the “subscriber” role to open registration. You can also receive a lot of brute attacks when bots try to guess you password and username.

Username can be easily obtained so those spammers can lock you out of your own site (never use “admin” as username). Luckily there are numerous plugins available, free and paid to stop that menace.

Not long time ago I was using Stop Spammer Registration Plugin which did its part perfectly. Now I use WP Security in combination with Anti-Spam plugin

Before WP Security my main security plugin and champion when it comes to stop spam registrations in WordPress was Hide My WP plugin. The main goal of Hide My WP plugin is not to stop spam registrations.

Its main purpose is providing security from various attacks and to hide the fact you are using WordPress. With Hide my WP you can hide wp-login.php of your WordPress site, thus stopping spammers from constant registrations.

This can also be done with iThemes Security (formerly Better WP Security) WordPress plugin which comes in free and paid version. For more info about it you can check my iThemes Security review.


Changing Login Path to Stop Spam Registrations

In order to effectively stop spam registrations in WordPress using Hide My WP (you can use any other plugin) you need to change the URL path of your wp-login.php. If you are using Hide My WP then go to General Settings and tick “Hide Login Page.”

Then change the Login Query and Admin Login key. That will create new login path. Remember it or write somewhere. Now use it for login. Remember you will not be able to login with wp-login.php or by going to wp-admin.php.




This is best option when you don’t have users registrations on your site. If you accept user registration, change login URL to something like /login? . You could also try Theme My Login as it is compatible with Hide My WP.


Hide My WP FAQ

1) I can’t login, what should I do now?

When you hide wp-login.php you should add your admin key to login address:

e.g. (1234 is our default key).

If you have any other problems simply use FTP or a file manager and rename the plugin folder to something else (in wp-content/plugins) it will deactivate the plugin.


2) I hide both wp-login and wp-admin but I still can see them. Why?

Because you are a logged in administrator! Log out and try again. Don’t forget to save new login address somewhere.


Hide My WP vs Swift Security Comparison

Swift Security is another WordPress plugin intended for removing traces that website/blog uses WordPress as its platform. I have made comparison of both plugins so if you decide to go for one of those you can see what you get with each.

swift security bundle vs hide my wp plugin
  • Swift Security
  • $26
  • Pushover notification
  • Scanner Module
swift security bundle review
  • Name
  • Price
  • Free Version
  • Export/Import Options
  • Trusted User Roles
    Choose trusted user roles.
  • Hide Login Page
    Hide wp-login.php.
  • Hide Admin
    Hide wp-admin folder and its files for untrusted users.
  • Spy Notify
  • Remove Meta
    Remove auto-generated feeds from header.
  • Remove Version
    Remove version number (?ver=) from styles and scripts URLs.
  • Hide Other Files
    Hide license.txt, wp-includes, wp-content/debug.log, etc.
  • Compress Page
  • Hide PHP Files
  • Replace in HTML
    Replace words in HTML output.
  • Replace URLs
    Replace or rename URLs in HTML output.
  • Anti-Spam
    Comment spam block
  • Change Theme Paths
  • Change Plugin Paths
  • Scanner
  • Change WordPress queries
  • Change upload URL, wp-includes folder, AJAX URL
  • Disable WordPress archives, categories, tags, pages, posts, etc
  • Firewall
  • Anti-Brute Force
  • Multisite Compatibility
  • Compatibility With Cache Plugins
  • Login IP Filter
  • Scheduled Code Scans
  • Automatically Quarantines Files
  • WooCommerce Compatibility
  • Child Themes Support
  • Nginx Support
hide my wp plugin comparison
  • Hide My WP
  • $22
  • Intrusion Detection System

Another great security plugin you can use is MalCare. You can check my MalCare review to find more about it. Hope some above tips will help you get rid of  spam registrations on your WordPress site or blog.

DISCLOSURE: Posts may contain affiliate links. If you buy something through one of those links, I might get a small commission, without any extra cost to you. Read more about it here.

4 thoughts on “How To Stop Spam Registrations In WordPress By Changing Login Path?”

  1. Thank you for nice article. I will try above mentioned plugin – Stop Spammers. Let’s hope it will be fixed. If something needed I will try as your current method.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top