One of the most common types of hacking on WordPress is a brute force attack. In this kind of attack, a hacker tries many combinations of usernames & passwords to get inside your WordPress blog.
Since we all know that the common WordPress admin URL is “wp-admin”, any hacker can easily get started with a brute force attack.
There are many free WordPress security plugins out there that help you prevent brute force attacks. One major step you can take right now is changing the WordPress admin URL. This way, hackers will not be able to find the login link & this reduces the chance of getting attacked.
In this WordPress security series, I will be showing you how you can use two plugins to change your URL. One plugin is simply used to change the login URL of WordPress from a security perspective, and the other one is for improving the user experience.
At the end of this guide, I have also shared more useful resources that you can follow to improve the overall security of your WordPress blog.
So without further delay, let’s learn about some useful plugins to change the WP login URL.
How To Change WP Login URL with WPS Hide Login Plugin:
With 90,000+ downloads, WPS Hide Login is the simplest & most straightforward WordPress plugin for changing the admin URL. You can install this plugin by searching for “WPS Hide Login” from your WordPress dashboard (here is the WP repo plugin page).
Once you have installed & activated the plugin, go to Settings > General to configure the options. Scroll down & at the bottom, you will see the option to configure the “WPS Hide Login” plugin.
You can put anything in the blank space & that will be your new login URL. For example, in the above screenshot, shoutmeloud.com/logmein is the new WordPress admin login URL.
If you are the only person handling your blog, you can use any word that you can remember or use something like “dsajkuiksdak” & save this unique login URL into your browser bookmark.
The idea is to make your login page hard to discover. This way, you improve your WordPress login page security to a great extent.
It doesn’t literally rename or change any files in the core, nor does it add rewrite rules. It simply intercepts page requests and works with any WordPress website.
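An added example (not part of the original post, and not code from either plugin): one way to check from the web server's access log whether the default login URL still serves the login form after the change. It assumes the Apache/nginx "combined" log format and that a failed login POST to wp-login.php is answered with 200; the sample lines, IPs, the 404 status after the change and the threshold are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed access-log lines ("combined" format, documentation IP ranges).
BEFORE = """\
203.0.113.7 - - [10/Jan/2024:06:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2024:06:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2024:06:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jan/2024:06:05:00 +0000] "GET /hello-world/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
"""
# Constructed: same client after the login URL was moved to /logmein.
AFTER = """\
203.0.113.7 - - [11/Jan/2024:06:01:02 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jan/2024:06:01:03 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jan/2024:06:01:04 +0000] "POST /wp-login.php?x=1 HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.20 - - [11/Jan/2024:07:00:00 +0000] "POST /logmein HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
DEFAULT_LOGIN = "/wp-login.php"


def summarize(log_text, threshold=3):
    """Count POSTs to the default login path per client IP, grouped by status."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, target, status = m.groups()
        # Compare the path only, so a query string does not hide the request.
        if method == "POST" and target.split("?", 1)[0] == DEFAULT_LOGIN:
            per_ip[ip][status] += 1
    # IPs with many POSTs to the default URL (threshold is an assumed value).
    noisy = sorted(ip for ip, c in per_ip.items() if sum(c.values()) >= threshold)
    # Assumption: 200 means WordPress rendered the login form at the default URL.
    form_served = sum(c["200"] for c in per_ip.values())
    return {"noisy": noisy, "form_served": form_served}


if __name__ == "__main__":
    print("before:", summarize(BEFORE))
    print("after: ", summarize(AFTER))
```

In the constructed "after" log the same client is still sending requests, but none of them reaches the login form, which is the effect the URL change is meant to have.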
If you are looking to do more than simply hardening your WordPress login page security, you should look for the below-mentioned solution. This one helps in better branding of your WordPress login & register page by giving them a memorable page URL.
Changing WordPress Login & Registration URL For Better Branding:
There are a few plugins that let you rename your WordPress login, register, password reset & logout URLs.
This is useful when you have a multi-author blog or are using WordPress in a way where multiple users need to regularly register or log in.
The most popular plugin is iThemes Security; however, it’s not highly recommended, as this plugin offers much more than just customizing the URL of your WordPress registration & login page.
The other plugin, which is developed just for renaming the WordPress admin login, registration & other pages, is the Custom Login URL plugin. This is another simple-to-use plugin.
Once you have the plugin installed & activated, go to Settings > Permalink to configure.
You can rename the login URL, registration URL, lost password URL, logout URL & authentication redirects. Authentication redirects are the URLs which users will be redirected to after logging in or logging out. A simple tweak in this area can be very effective for your WordPress blog branding & security.
While we are on it, you can further customize the look & feel of the login URL. You can use the Tesla Login Customizer plugin or pick any good looking plugin from here.
Conclusion:
From a security perspective, it’s a good idea to change your WP-admin login URL to make it hard for hackers to guess.
This will strengthen the security of your WordPress blog to a great extent. At the same time, if you are running a multi-author blog or using it in a way where you & others need to regularly interact with the login & registration page, use the other plugins to change the URL.
The second option is optional; however, I recommend you implement the first option (change your wp-admin URL) right away for improved security.
Here are some more articles that you should read to learn more about the security of WordPress blogs:
Hello Harsh, I recently installed this plugin on my website. It’s really good and working properly. Also, easy to install and configure. Now I have my own website login URL.
Thanks for sharing this information.
Today, in the morning, I saw that Jetpack has blocked around 90 malicious login attempts. By evening, it grew to 110+ which scared the hell out of me. Then I read this post of yours and immediately installed WPS hide and changed my login URL. Now I’m kinda relieved. Thanks for suggesting the plugin, Harsh. Hacking nowadays has become a headache.
Does anyone know if Custom Login URL still works with the latest version of WP? It hasn’t been updated for 2 years + and gives a warning that it has not been tested with the latest version. Reluctant to install in case it breaks the site.
@Craig
Your apprehension is right. However, I’m still using it and it works perfectly. I hope the developer updates the plugin for the latest version.
I was looking for the same solution. And at last your blog instructions helped me to save my WordPress blog. I recently noticed someone trying to log in to my account with various username and password combinations. After implementing WPS Hide Login, I don’t see any more lockout attempts by hackers. Thanks a bunch.
Merry Christmas & Happy new year in advance.
Thank You so much
I installed this plugin 🙂
Hi,
I am recently using this plugin. This plugin is good and it keeps the site a little secure.
A few days back my site was hacked and they deleted all the theme files. It was done using the login page only. I guess this tool is helpful in some way.
Thanks for sharing this 🙂
Very nice article. The default WordPress login URL is very easy to guess and a hacker can attack easily. Keep up the good work. I also use the WPS Hide plugin to hide my login URL.
WPS Hide Login has not been updated for the last 9 months; it's getting an error with the latest version of WordPress. Please update with a new one. Thanks.
@Vikram
I’m still using the same with no issues.
Thanks Harsh for your valuable content, as usual. Two of my blogs were hacked a few weeks ago, so I know the value of taking extra precautions. I recovered one but failed to properly back up the other, so I lost it. It really pays to take extra security precautions.
Hi Harsh, thanks for being an inspirational guide for building a good WordPress blog. I have finally found how to change the wp-admin URL.
I learnt “blogging and SEO” a lot through your blog.
Currently I am also using Login Lockout to block brute force attacks.
Installing WPS Hide Login on my blog.
Precaution is always better 🙂
Hi Harsh,
I love the style of your blog & am new here, too.
I’m in the initial steps to increase traffic to my personal affiliate blog.
Whenever I’m trapped in any issue having with my blog, I come back & search for the solution at your Blog.
Love your blog & your effort:-)
Thanks for the great article.
3000 visitors were trying to log in on my login page. I was very surprised to see such traffic, but after checking Google Analytics and AdSense, I got to know that they were useless traffic. Now can I redirect my login page address to home, so that fakers may become an audience for my site?
Is it good to do? Please suggest for better traffic growth, Harsh!
Good article. For me, WPS Hide Login is the way to go. Security is just that and more important than small user experience hiccups.
Just by reading one blog post, I got to know about how to improve the security of WordPress blogs by using the plugins you shared, i.e. WPS Hide Login and the Custom Login URL plugin.
Thanks a lot.
A great article to have a read when wanting to increase the security of your WordPress site. Thank you for sharing.
No kudos when you’re recommending a plugin that hasn’t been updated in TWO Years!
The “Custom Login URL Plugin” hasn’t been updated in two years so all these reviews are dated or “bogus”!
@Greg
Use this one: https://wordpress.org/plugins/wps-hide-login/