WordPress is a popular open-source website creation platform for individuals, professionals and business owners who do not have any coding experience and want to build blogs and websites. Anyone can easily install, use, and modify it for free.
Though it is an impressive platform for website creation, some hackers have figured out ways to get in the front door of WordPress websites.
By default, the WordPress login URL is yourdomain.com/wp-login.php. The other two URLs that redirect you to the same default login page are:
- yourdomain.com/admin
- yourdomain.com/login
In this article, we’ll take you through why and how you should change your WordPress admin login URL and make it difficult for potential hackers to find your admin page.
Why should you change your WordPress login URL?
Though using the default WordPress login URL makes it easy for you to remember the way to access your website, it also makes it easy for hackers to attack your website.
Malicious actors use various techniques to hack a WordPress website, one of the most common being brute force attacks. Here, a hacker tries to gain access to your website by repeatedly trying combinations of usernames and passwords until they find the right one. Even if the hacker is unable to gain access, the volume of requests can be enough to exceed the capacity of the web server and crash your website.
These attacks are not always successful, but once attackers get access, they can wreak havoc on your website. One simple precautionary measure is to avoid easy-to-guess passwords such as “abcde”, “12345”, “admin” or simply your name.
The other recommended solution that largely helps prevent such attacks is to change your WordPress login URL to something that is harder for them to figure out.
Should you change the WordPress login URL manually?
Although you can change the login URL manually by accessing your website files directly over FTP or other methods, it is not a good idea for the following reasons:
- Every time WordPress updates, it recreates the login page file, making it necessary to change the URL again.
- You may create issues with your website’s functionality, including errors with the logout screen.
- There are often negative consequences when you alter your website’s core files, especially when you do not have to.
Therefore, instead of doing it manually, you can use the WPS Hide Login plugin.
WPS Hide Login – What is it and how to install and configure it?
WPS Hide Login is a light WordPress plugin that allows you to change your WordPress login page’s URL efficiently and safely. It doesn’t add rewrite rules, rename core files, or modify files.
Instead, the plugin intercepts page requests and renders your wp-login.php page inaccessible. Make sure you bookmark or write down your new login URL so that you can access it later.
Installation
You can either download the plugin and upload it yourself, or install it from WordPress’s backend by searching for it. A simple process for the latter is as follows:
- Go to Plugins > Add New
- Search for WPS Hide Login from the WordPress Plugin Repository
- Install and activate the plugin
Configuration
- Go to Plugins > Installed plugins
- Click on Settings under the WPS Hide Login Plugin
- Scroll down to the WPS Hide Login section
Now, you need to make two decisions:
- Your new login URL
  While choosing your new login URL, use a random and unique combination of numbers and letters. If you use something easy to guess, you’ll defeat the whole purpose of changing your WordPress login URL.
- The redirect URL for the people who try to visit your default WordPress page
  Your next choice is your redirection page’s URL. One good suggestion is to create a 404 error page if you do not have one already. (If you do not have a 404 error page, you can use a plugin for that.) Or you can set redirection to your home page.
Once done, click on Save Changes for the new URL to take effect.
Test your new WordPress Login URL
- Enter your default URL into your browser’s address bar: yourdomain.com/wp-login
- If your settings are correct, your screen should display a “404 error”.
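The same test can be scripted so that it covers every default entry point and also catches a redirect that reveals the new URL. This is an added example, not code from the article or from the WPS Hide Login plugin; the slug `k7x2q9`, the host `example.test`, the verdict names and the `id="loginform"` marker used to recognise the login form are assumptions of the example.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

DEFAULT_PATHS = ["/wp-login.php", "/login", "/admin"]  # default entry points named in the article
LOGIN_MARKER = 'id="loginform"'  # form id in the stock WordPress login markup

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow 3xx, so the Location header can be inspected

def http_fetch(url):
    """Return (status, Location, body) for url without following redirects."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, "", resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 3xx, 4xx and 5xx arrive here
        return err.code, err.headers.get("Location", ""), err.read().decode("utf-8", "replace")

def classify(status, location, body, slug):
    """Judge one response from a default login path."""
    if 300 <= status < 400:
        # A redirect that names the secret slug hands it to anyone who asks.
        return "LEAKS_NEW_URL" if slug in location else "REDIRECTED"
    return "EXPOSED" if LOGIN_MARKER in body else "HIDDEN"

def audit(base_url, slug, fetch=http_fetch):
    """Check every default path, then confirm the new login page still works."""
    base = base_url.rstrip("/")
    report = {path: classify(*fetch(base + path), slug) for path in DEFAULT_PATHS}
    status, _, body = fetch(f"{base}/{slug}/")
    report["new_login"] = "OK" if status == 200 and LOGIN_MARKER in body else "BROKEN"
    return report

# Constructed responses for a hypothetical site whose new slug is "k7x2q9".
SAMPLE = {
    "/wp-login.php": (404, "", "<h1>Page not found</h1>"),
    "/login": (302, "https://example.test/k7x2q9/", ""),
    "/admin": (302, "https://example.test/", ""),
    "/k7x2q9/": (200, "", '<form name="loginform" id="loginform" method="post">'),
}

def sample_fetch(url):
    return SAMPLE.get(urlsplit(url).path, (404, "", ""))

if __name__ == "__main__":
    for path, verdict in audit("https://example.test", "k7x2q9", sample_fetch).items():
        print(f"{path:15} {verdict}")
```

To run it against your own site, call `audit()` with your domain and slug and leave out the `fetch` argument; any verdict of `EXPOSED` or `LEAKS_NEW_URL` means a default path still leads to the login form.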
However, as hackers are always trying new ways to hack your website, it is recommended not to rely on a single precautionary measure. Instead, use multiple measures in addition to the WPS Hide Login plugin, such as installing an SSL certificate, keeping your WordPress version, themes and plugins up-to-date, implementing a two-factor authentication plugin (like Google Authenticator), and more.
Hope this article was helpful to you.