否，无法重命名文件夹。该路径在WordPress的源代码中的多个位置进行了硬编码。

通过默默无闻获得的安全并不是真正的安全。

People keep asking this question, but people keep marking it as a duplicate. The chosen answer for this however, really isn\'t an answer to the question.

To rename the wordpress admin you need to take two steps.

In the following code I\'m using dashboard as the name of my new wp-admin. Change dashboard in the code below to whatever you want to name your new admin.

On line 2558 一零五 is the code that dertermines the admin url.

Using the 一一二 filter you can successfully change the url of the admin with the following function:

You can test to see what your new url is by doing this:

However, if you\'ll notice when clicking through the admin that not everything works and some of the links may give you 404 not found or something similar.

Now, I\'m not an expert when it comes to editing .htaccess so some of this might not be necessary. However, I\'ve never found it not to work.

Here\'s the whole thing. Create a file and drop in your plugins folder or mu-plugins folder. (remember to change every instance of dashboard to your preferred admin url)

I haven\'t had any in over a year using this method. You might notice that wp-admin will still work which kind of sucks, but it\'s more of a precaution than anything. I had some poorly written plugins that hardcoded wp-admin in some places that wouldn\'t load when trying to block or redirect wp-admin. I\'m sure there is a way to do this with the htaccess, but I haven\'t successfully figured it out. Also, this hasn\'t been tested on multisite or anything like that ever.

Update: Alternative Approach

This is pretty similar, but for some reason my above answer didn\'t work on every host I tried.

Note: This approach seemed to work better on some hosts, but still had the issue of not redirecting wp-admin links to the new admin url. Here\'s an approach I tried below. While 一一一 I think it\'s on the right track. I\'m not totally sure what hook to use. htaccess might be a better alternative but I kept getting redirect loops when I tried that way.

WordPress官方支持的一种方法是将WordPress安装文件移动到子目录中，同时将站点保留在根目录中，如下所示：

网站网址：http://my-blog.com

管理员URL:http://my-blog.com/7nxnkkugrdzm/wp-admin

虽然这并不能让你完全自由地更改你的管理员url，但这意味着你可以用你喜欢的任何东西给它添加前缀。从安全角度来看，这也同样好。它还可以将所有WordPress安装文件移动到用户未知的位置，因此它应该是WordPress强化策略的一部分。

From the WordPress Codex: 九九

同样的注意事项也适用于密码：调用自定义文件夹7nxnkkugrdzm, 不happy-snappy-admin. 此外，请确保您的用户知道管理员url是一个秘密。

实际上，这里有一个非常好的教程：

How to Hide WordPress Info from Your Source Code ^mirror

包括如何重命名wp内容、重命名wp admin以及从WordPress中删除生成器标记。

本教程将改变源代码中明显的证据或指示，effectively removing WordPress info from your site.

它解释了如何更改文件夹名称、wp admin登录url以及确保登录。php重定向到主站点，以便人们可以直接访问。

如果你想让订户级别的用户看不到wp admin目录，你可以在他们自己的目录中创建登录/注册和配置文件/编辑页面的独立版本。然后，你可以通过htaccess或IP限制来保护你的管理文件夹。（虽然如果这样做，应该对管理ajax文件进行例外，因为一些插件使用它来添加ajax功能）。

这种方法给了你想要的“隐晦感”（其实没什么作用，但通常会让客户和经理感觉更好），还通过限制对管理员的访问增加了一些真正的安全性。此外，老实说，一个只显示“/登录”的URL看起来比“wp login.php”好得多。

不用说，这并不能让你的网站防弹。但这是一个很好的基本增强。

锁定管理控制面板的一种方法是利用。访问规则。只需添加一个。htaccess文件到wp admin目录的根目录。添加此文件后，只需添加以下规则即可拒绝所有IP地址并仅允许您的IP：

http://wp.tutsplus.com/tutorials/10-steps-to-securing-your-wordpress-installation/

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
whitelist address
allow from <IP ADDRESS HERE>
</LIMIT>

如果你想为WordPress安装添加额外的安全层而重命名wp admin，你也可以尝试Roots / Bedrock WordPress Boilerplate. 它可以帮助隔离web根目录，以限制对非web文件的访问。它还可以帮助组织/保护整个WordPress核心，方法是将其放在自己的子目录中，如将wp content/重命名为app/以及以下附加功能：

• 使用Composer进行依赖关系管理
• 使用特定于环境的文件进行简单的WordPress配置
• 使用Dotenv的环境变量
• mu插件自动加载程序（将常规插件用作mu插件）
• 增强的安全性（使用wp password bcrypt将web root和安全密码分开）
GitHub Repo 有关更详细的用法：

看看http://wordpress.org/extend/plugins/stealth-login/ 这可能对你有所帮助。

不，不可能用任何短代码或htaccess hack重命名wp admin文件夹，

在过去，我通过Coda（我使用的编辑器）对标记“wp admin，wp content…etc”执行完整的文件夹搜索，并从文件中删除“wp-”来为客户端执行相同的操作。

之后，您将能够安装它，但是：
您必须对要安装的插件执行相同的操作，您必须通过清除新版本中的“wp”标记手动更新核心。

在所有方面，我不建议您这样做，保持原样，并尝试实现一个用户登录/注册/配置文件页面，为您的用户/客户提供更好的体验。

克里斯蒂安来自Cozmolabs 写了一篇很好的教程。您可以稍微编辑代码，使其在任何WordPress主题中运行。

您还可以从前端添加帖子表单，这样管理员和具有写帖子能力的用户就可以从前端完成。

在这里，您可以看到如何创建前端帖子页面的示例和代码。Front-End Post Submission

你也可以看看plugins here 这对更多功能也有同样的作用。

从IFRAME工作WP-ADMIN怎么样？

在wp dashboard中创建一个名为“Admin”的新页面。e、 g:你的域名/管理员/

您可以使用header.php page.php 和/或footer.php 要禁用模板上不需要的内容，请使用：

<?php
if(!is_page(\'admin\')): //if not the admin page.

//wrap code not needed or wanted.

else: ?>

<style type="text/css">
    .responsive-iframe {
    position: relative;
    padding-bottom: 56.25%; /*16:9*/
    height: 0;
    overflow: hidden;

    iframe {
        position: absolute;
        top:0;
        left: 0;
        width: 100%; //or 100vw
        height: 100%; //or 100vh
    }
}   
</style>

<div class="responsive-iframe">
<iframe seamless="seamless" scrolling="yes" src="http://yourdomain/wp-admin/" frameborder="0" allowfullscreen></iframe>
</div>

<?php 
endif;

九九 But i would otherwise say

1. Wordfence Plugin will help a lot to block human hacker attempts. Use a very long and complex username for the admin account (hackers and bots don\'t assume humans to use long usernames, only passwords), one that even you cannot remember, and login using the email address you used instead, is also a corker.
2. Delete the content of comments.php file, and never allow comments on your website, nor signups, is best, restricting access only to admins and perhaps if you need your authors and editors. Deleting the comments.php content prevents a of injected malware and hacks from occurring.
3. put a space between two words as your login name, as most hackers don\'t realize you can do a username with an empty space, and often use underscores even when they guess your username (human hackers using social engineering). Long passwords that are complex have been proved to not be stronger than an 8 character/integer password so that is for you to study.
4. Last but not least, one has to not only protect login.php, (by the way never use the username "[login]"), but also the xml rpc file which is the other file hackers like to use to try to log in with. Usually this kind of attack is a low level lowlife with little knowledge of real hacking using AI to do the work, and is merely trying his or her luck. But better safe than sorry. Also, WP all in one Migration Plugin allows you to download the whole site with database and configuration and upload it again in case of being hacked and site deletion. a daily backup before bedtime would ensure that your site will always be as it was before you went to bed. backup offline to hard drive (external), and you will always be safe.Oh, and keep plugins to a minimum as they are often left to rot by the devs and not updated, and if your blogging has used the plugin (for example youtube playlist plugins) tp post with, deleting an out dated plugin will make many posts become senseless with missing content (always think ahead). But do use the necessary plugins such as akismet, wordfence free, and wp all in one migration tool to backup website files, content and database. Many plugins also have vulnerabilities and a quick sniff of your server will show all folders to the hacker, and he will know you have the plugin, and attack through that. Do not use Discus or other third party comment forms either, as there is more data being scraped and compromised through fourth party inception (youtube currently hacked using location tagging in apps), than it is helpful. Better to have a Facebook page and let people comment there, but, not to insert widgets, or code linking from or to other domains, and their APIs too much, as the data being communicated and shared is intercepted easily by pro hackers. I have no comments or share buttons on my wordpress sites because of this. (i still do well and live well without need for comments with my type of websites). For example if this question was in form of a youtube video, everyone would have left wordpress at stackexchange (not that i suggest that as stack exchange is fantastic!) and comment on their youtube channel insytead. Safer, securer. So make a YT Channel and FB Page and use those for letting people \'sign up and comment\' and keep the wordpress site as barebones as possible with no login options