WordPress (WP) is the most popular Content Management System (CMS) with 60.8% market share.
However, one of its biggest weaknesses is that many WordPress hackers know how to get into the front doors of WP websites.
By default, the main WordPress login URL is yourdomain.com/wp-admin.php. There are two other URLs that can be used to redirect to the same default login page:
Why not make it harder for potential hackers to find your login page? This article will show you how and why to change your WordPress admin login url.
Why did you change the WordPress login URL?
While using the default WordPress login URL is an easy way to remember how to access your site, it also makes it too easy for hackers.
You can at least slow down the hackers’ work by changing the login URL to something more difficult for them to find. There are various methods that attackers use to compromise a WP site, of which brute force attacks are the most common.
A brute force attack is an attempt by a hacker to gain access to your site by continually trying different combinations of usernames and passwords until they find the right one.
While they are not always successful, these attempts can wreak havoc on your site if they gain access. One simple precaution is not to use passwords that are easy to guess, such as “12345” or “abcde”. Also, don’t use the admin name for your username.
Did you know that there are over 90,000 hacking attempts per minute every day? No matter the size of your website, hacking attempts are inevitable and inevitable.
Brute force attacks overwhelm your hosting server’s memory by making fast, sequential HTTP requests multiple times. Even if a hacker cannot gain access, the mere number of requests is enough to push the web server beyond its capabilities and can crash your site.
If successful, the hacker will gain access to your WordPress dashboard as an admin. The most recommended solution to prevent all of these problems is to change the default WordPress login URL to a new one.
Should the WordPress login URL be manually changed?
If you want to try changing the login page URL manually, we strongly discourage you from doing so. While you can access your website files directly via FTP or other methods, this is not a good idea for the following reasons:
- Every time WordPress refreshes, it recreates the login page file, which makes it necessary for you to change the url again.
- You can unintentionally create problems with the functionality of your site, including errors with the logout screen.
- There are often unintended negative consequences when you modify your site’s core files, especially when not needed.
Use the WPS Hide Login Plugin
WPS Hide Login is a lightweight WordPress plugin to safely and efficiently change the URL of your WordPress login page.
It is a lightweight plugin that allows you to safely and easily change the URL of your login page. It does not add rewrite rules, change files, or rename core files.
Instead, WPS Hide Login intercepts page requests and makes your wp-login.php page inaccessible. Make sure you bookmark or bookmark the new login page so you can access it later.
How to Install WPS Hide Login
You can download the plugin or load it from WordPress backend by searching. Go to Plugins> Add New. Find WPS Hide Login from the WordPress plugin repository.
Click Install Now and then Activate Plugin.
How to configure the plug-in
To access the plugin settings, go to Plugins> Installed Plugins. Click “Settings” under the WPS Hide Login plugin.
Scroll down to the WPS Hide Login section.
As you can see in the screenshot above, there are two decisions you need to make.
- Your new login URL
- Redirect URL for people trying to navigate to your default WordPress Page
When choosing a new login URL, use a unique and random combination of letters and numbers. If you use something that is easy to guess, you will lose the goal of changing your WordPress login url.
Your next choice is the redirect page URL. One suggestion is to create a 404 error page if you don’t already have one.
If you don’t have a 404 error page, there is a plugin for that.
Or you can set up a redirect to your homepage. When done, click “Save Changes” for the new URL to take effect.
Test the new WordPress login URL
Try typing the default URL into the search bar:
Yurdomain.com / vp-login
If your settings are correct, you should see something like the image below.
If for any reason you want to revert to the default WordPress login, disable the WPS Hide Login plugin.
Is your website now 100% secure?
Don’t have a false sense of security. Take other precautions in addition to using the WPS Hide Login plugin.
Hackers are ruthless. They are always looking for new ways to hack sites. Apart from changing your WordPress login url, you should follow basic WordPress security tips.
- Keep your WordPress version, plugins and themes up to date.
- Use a security plugin like Malcare to proactively block bad bots and malicious IP addresses.
- Install the SSL certificate.
- Use the Limit Login Attempts Reloaded plugin to restrict login attempts.
- Back up your files with a plugin like BlogVault
- Choose a unique and secure password and username.
- Implement a two factor authentication plugin such as Google Authenticator – WordPress Two Factor Authentication (2FA)
There is no reliable way to prevent hackers from accessing your site. However, this does not mean that you should make it easier for them.
As you can see, changing the default WordPress login URL is very easy and you should do it. Why give hackers the key to your front door?