Reasons to Change your WordPress login url
One of the simplest things one can do in order to add an extra layer of security in WordPress website is to change its login url from the defaults of wp-admin and wp-login.php to a custom or even better random one.
Preventing your WordPress site from being hacked is generally an easy thing to do as long as you follow some simple guidelines. One of them is to hide your default WordPress login url so that attackers and wannabe hackers need to put in extra effort in order to bruteforce their way into your WordPress Dashboard. Changing your WP login url also helps from being DDoS’ed during a bruteforce attack which tries different username and password combinations in a few seconds resulting your hosting server to freeze and become unresponsive.
Plugins to Change your WordPress login url
Using a plugin is the best way to change your login url. This way you don’t need to edit any of your WordPress core files which will break your site and lower your WordPress security levels. That said we will post 3 of those plugins and feature one of them in our guide found below.
- Rename wp-login.php Ella Iseulde Van Dorpe
- WPS Hide Login by WPServeur, NicolasKulka, tabrisrp
- Custom Login URL by Simplico
Steps to Hide your WordPress login url
We’re going to feature in our guide the first plugin we mentioned because we never had any issue using it for more than 4 years. So without further ado, here we go:
Step 1: Install and activate Rename wp-login.php WordPress plugin by Ella Iseulde Van Dorpe
You need to visit your Plugin installation page in your WordPress Dashboard. Search for Rename wp-login.php plugin, install it and activate it.
Step 2: Set your new WordPress login URL
Once you activate the plugin you’ll be redirected to the Permalinks page; scroll down and set you new WordPress login URL, then save.
Test your hidden WordPress URL
Visit your default WordPress login urls(wp-admin & wp-login.php) and make sure they are not active. Then visit your new WP login url and try to login!
Make sure your set a random url, then write it down in a note in case you forget it. If you find yourself locked out of your WordPress Dashboard you can always de-activate the plugin by deleting its directory under /wp-content/plugins using an FTP Client or your Hosting Panel File Manager.
Recommended plugin has a “!!! This plugin has no author support, urgent issues can be posted on GitHub” message. and has not been tested with last 3 versions of WordPress.
Simple plugin may still work but author support is at least a question.
You’re correct. In fact I follow the same rule myself 99% of the times I’m working on a site. This plugin is very lightweight and straight forward while support is now provided through Github instead.
If you watch the video attached to this post(and don’t mind my English accent) then you will find another “issue” with this plugin. Keep in mind that plugins are not made as a one size fits all solution, users should educate themselves(like you did) and decide what’s best for their WP site.
ps: We may add our own WordPress plugin for hiding or changing the default WP login url in WP.org repo soon enough.