WordPress (WP) is the most popular content management system (CMS), owns 60.8% of the market share.
However, one of the main weaknesses is that so many WordPress hackers know how to penetrate the front door of WP websites.
By default, the main WordPress login URL is yourdomain.com/wp-admin.php. There are two other URLs you can use that will redirect to the same default login page:
Why not make it harder for potential hackers to find your login page? This article will show you how and why you can change your WordPress admin login URL.
Why Change Your WordPress Login URL?
While using the default WordPress login URL is an easy way to remember how to access your site, it also makes it too easy for hackers.
At the very least, you can slow down hackers by changing your login URL to something that is harder for them to find. There are several techniques that malicious actors use to hack into a WP site, with brute force attacks being the most common.
A brutal attack is when the hacker tries to access your site by constantly trying different combinations of usernames and passwords until they find the right one.
While not always successful, these attempts can wreak havoc on your site if accessed. A simple precaution is not to use passwords that are easy to guess, such as “12345” or “abcde† Also don’t use administrator for your username.
Did you know that there are more than 90,000 hack attempts per minute per day? Whether your website is small or large, attempts to hack your site are imminent and inevitable.
Brute force attacks overload your hosting server’s memory by repeatedly making HTTP requests in quick succession. Even if the hacker can’t gain access, the sheer volume of requests is enough to push the web server over its capacity and crash your site.
If successful, the hacker can access your WordPress dashboard as an administrator. The most recommended solution to avoid all these problems is to change your default WordPress login URL to a new one.
Do you need to manually change your WordPress login URL?
If you’re tempted to manually change your login page URL, we strongly recommend that you don’t. While you can access your website files directly using FTP or other methods, it’s not a good idea for the following reasons:
- Every time WordPress is updated, the login page file is recreated, forcing you to change the URL again.
- You can inadvertently cause problems with your site’s functionality, including errors with the logout screen.
- There are often unintended negative consequences when you change your site’s core files, especially when it’s not necessary.
Use WPS Hide Login Plugin
WPS Hide Login is a lightweight WordPress plugin to safely and efficiently change your WordPress login page URL.
It is a lightweight plugin that allows you to safely and easily change the URL of the login form page. It doesn’t add any rewrite rules, modify files, or rename core files.
Instead, WPS Hide Login intercepts page requests and makes your wp-login.php page inaccessible. Be sure to write down or bookmark your new login page so you can access it later.
How do I install WPS Hide login
You can download the plugin or upload it from the WordPress backend by searching for it. Go to Plugins † Add new† Search WPS Hide login from the WordPress Plugin Repository.
click on Install now and then Activate the plugin.
How to configure the plugin
To access the plugin settings, go to Plugins † Installed Plugins† click on Settings under the WPS Hide Login plugin.
Scroll down to the WPS Hide login section.
As you can see in the screenshot above, there are two decisions to make.
- Your new login URL
- The redirect URL for people trying to go to your default WordPress page
When choosing your new login URL, use a unique and random combination of letters and numbers. Using something that is easy to guess will defeat the purpose of changing your WordPress login URL.
Your next choice is the redirect page URL. One suggestion is to create a 404 error page if you don’t already have one.
If you don’t have any 404 error pagethere is a plugin for that.
Or you can set the redirection to your homepage. When you’re done, click Saving Changes for the new URL to take effect.
Test your new WordPress login URL
Type your default URL into a search bar:
If your settings are correct, you should see something like the image below.
If for any reason you want to revert to the default WordPress login, please disable the WPS Hide Login plugin.
Is your website now 100% secure?
Don’t get a false sense of security. Take other precautions besides using the WPS Hide Login plugin.
Hackers are ruthless. They are always looking for new ways to disrupt websites. In addition to changing your WordPress login URL, you should follow basic WordPress security tips.
- Keep your WordPress version, plugins and themes up to date
- Use a security plugin like: malcare to proactively block bad bots and malicious IP addresses
- Install an SSL certificate
- To use reloaded the login attempts limit plugin to restrict login attempts
- Back up your files with a plugin like BlogVault
- Choose a unique and secure password and username
- Implement a two-factor authentication plugin such as Google Authenticator – WordPress Two Factor Authentication (2FA)
There is no foolproof way to prevent hackers from accessing your site. However, that doesn’t mean you should make it easier for them.
As you can see, it’s easy to change the default WordPress login URL and you should. Why Hackers Give Your Front Door Key?