I’ve always tried to hide my wp-admin and wp-login by changing the URL with some plugins, but I still get the ‘user locked out while trying to login’ email alerts from all my sites, thanks to my security plugin, but I’ve never found a perfect way to disable the wp-admin and wp-login.php until now.

I’ll be explaining how I hide/disable the ‘http://mysite/wp-admin’ and ‘http://mysite/wp-login.php’ URLs on my sites (N.B: If you will be disabling these URLs, it should be a personal site or a site where your clients don’t log in to the dashboard to make personal changes).

The first step is to add your sites to a WordPress management console/dashboard (examples are ManageWP, InfiniteWP, MainWP). I use ManageWP, and I think it has an easy interface.

When you have added your sites to the management dashboard and tested that you can access your site dashboard from there, then you go to the next step.

In the next step, you will add the code below to your functions.php in your child theme, if you don’t have a child theme, create one or check here to learn how to create a child theme.

add_action( 'init', 'blockusers_init' );
function blockusers_init() {
if ( is_admin() && ! current_user_can( 'administrator' ) &&
! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}

To block a particular role from accessing wp_admin, use this

! defined( 'ABSPATH' ) AND exit;
function no_admin_role_access()
{
    $redirect = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : home_url( '/' );
    if ( 
        current_user_can( 'USER_ROLE_NAME_HERE' )
    )
        exit( wp_redirect( $redirect ) );
}
add_action( 'admin_init', 'no_admin_role_access', 100 );

The following code redirects anyone who tries to access the URL ‘http://yoursite/wp-login.php’ to your site’s home page ‘http://yoursite/’

add_action('init','custom_login');
function custom_login(){
global $pagenow;
if( 'wp-login.php' == $pagenow ) {
wp_redirect( home_url() );
exit();
}
}

If users have to log in on the front end of your site, like a membership site, you can still use this to disable the wp-admin and wp-login, so they can only log in on the front end.