One of the most common types of hacking on WordPress is a brute force attack. In this kind of attack, a hacker attempts to try various permutations & combinations of usernames & passwords to get inside of your WordPress blog.
Especially when we all know that the common WordPress admin URL is “wp-admin”, any hacker can easily get started with brute force attacking.
There are many free security WordPress plugins out there that help you prevent brute force attacks. One major step you can take right now is by changing the WordPress admin URL. This way, hackers will not be able to find the login link & this reduces the chance of getting attacked.
In this WordPress security series, I will be showing you how you can use two plugins to change your URL. One plugin is simply used to change the login URL of WordPress from a security perspective, and the other one is for improving the user experience.
At the end of this guide, I have also shared more useful resources that you can follow to improve the overall security of your WordPress blog.
So without further delay, let’s learn about some useful plugins to change the WP login URL.
How To Change WP Login URL with WPS Hide Login Plugin:
With over 90,000+ downloads, WPS Hide Login is the simplest & most straightforward WordPress plugin for changing the admin URL. You can install this plugin by searching for “WPS Hide Login” from your WordPress dashboard (here is the WP repo plugin page).
Once you have installed & activated the plugin, go to Settings > General to configure the options. Scroll down & at the bottom, you will see the option to configure the “WPS Hide Login” plugin.
You can put anything in the blank space & that will be your new login URL. For example, in the above screenshot, shoutmeloud.com/logmein is the new WordPress admin login URL.
If you are the only person handling your blog, you can use any word that you can remember or use something like “dsajkuiksdak” & save this unique login URL into your browser bookmark.
The idea is to make your login page hard to discover. This way, you improve your WordPress login page security to a great extent.
It doesn’t literally rename or change any files in the core, nor does it add rewrite rules. It simply intercepts page requests and works with any WordPress website.
If you are looking to do more than simply hardening your WordPress login page security, you should look for the below-mentioned solution. This one helps in better branding of your WordPress login & register page by giving them a memorable page URL.
Changing WordPress Login & Registration URL For Better Branding:
There are a few plugins that let you rename your WordPress login, register, password reset & logout URLs.
This is useful when you have a multi-author blog or are using WordPress in a way where multiple users need to regularly register or log in.
The most popular plugin is iThemes Security, however, it’s not highly recommended as this plugin offers much more than just customizing the URL of your WordPress registration & login page.
The other plugin which is developed just for renaming WordPress admin login, registration & other pages is the Custom Login URL plugin. This is another simple to use plugin.
Once you have the plugin installed & activated, go to Settings > Permalink to configure.
You can rename the login URL, registration URL, lost password URL, logout URL & authentication redirects. Authentication redirects are the URLs which users will be redirected to after logging in or logging out. A simple tweak in this area can be very effective for your WordPress blog branding & security.
While we are on it, you can further customize the look & feel of the login URL. You can use the Tesla Login Customizer plugin or pick any good looking plugin from here.
Conclusion:
From a security perspective, it’s a good idea to change your WP-admin login URL to make it hard for hackers to guess.
This will strengthen the security of your WordPress blog to a great extent. At the same time, if you are running a multi-author blog or using it in a way where you & others need to regularly interact with the login & registration page, use the other plugins to change the URL.
The second option is optional, however, I recommend you implement the first option (change your wp-admin URL) right away for improved security.
Here are some more articles that you should read to learn more about the security of WordPress blogs:
Like this post? Don’t forget to share it!
Great Post.I am using WP-Security to secure my wordpress website login page.It provide complete security to my website including security for database, filesystem and SPAM protection. I even removed the akismet comment plugins, since this plugins also provide me security against spam comments.
Still thanks you dear and Keep it Up.
Hi Harsh, thank you for sharing this great plugin.Earlier I tried other method to change WP login URL but that was little complicated.Now I think anyone can do it.Thanks
Hi Harsh !
I have use first option and change admin url
i know very well new url but now old and new both url not working
please help me
What I should i do ?
Thanks
Manoj
@Manoj
You might have made a mistake at some stage. Do not worry as this could be fixed.
Use FTP to browse your WordPress plugins folder & delete the WPS hide plugin folder. This will fix the issue.
Mighty useful post. Although WordPress blogs are much safer nowadays (as compared to few years ago), there’s still an element of fear/doubt in the bloggers’ mind about its total security. This post will be very useful for those people, including me, as we have plans of designing a WP based ecommerce site. Hope these measures would work well for the WP ecommerce sites too.
Best rgds!
Hi Harsh
Thanks for the wonderful post. I was looking for such kind of great plugin. I am going to implement it today.
@Mintukan
Thanks for your kind words & let me know how was your experience with it.
Wow great post harsh thank you, this was very helpful for WP security
@Akash
You are welcome, come again.
Sounds Great For Making WordPress Sites More Secure..
Thanks For Sharing With Us Bro.
@Vinit
Glad I could help.
I am looking for it from long time, Thank you for this Great Resources
@Sudip
You’re welcome glad this helped.
Great security tips harsh I been looking for this for my blog.
@Nestor
Glad to hear! Thank you for your comment.
Hello Harsh,
This was something new when it comes to security. I really liked this article for changing the login URL. Keep updating us like this.
That is a cool and pro tip.
WPS Hide Login sounds very helpful. I am gonna install it right away. My ‘Blocked malicious login attempts’ increased from 40 to 4,500 in just a matter of days. So I guess I really need this plugin for a sense of security.
Thanks for security tip, many times whenever I login to to WP dashboard it shows 1000+ login attempts now it won’t happen….
By The Way After ShoutMeLoud Update on WP Hide Login Plugin…
Active Users of Plugin changes to 1,00,000+….
Thanks for giving Us a very important security information.I will definitely Use WPS Hide Login Plugin to Secure my WordPress login Url to protect it.
Thanks for Sharing
Hi Harsh,
Another great post!
I’m already using the plugin that you mentioned and it’s pretty good at it’s job.
Now my ‘malicious login attempts’ are little to no after using it.
Another plugin which I like to mention was Login lock down plugin, but as Umer Itikhar has already mentioned it.
So I’d like to mention it benefits:
Login LockDown plugin can put limits on how many times one IP address can attempt to login & for how long you want to lock them out for if they surpass that.
Let me tell you with the help of example:
Let’s say after 5 failed attempts to login, It can lock the user out temporarily.
And for how much time?
It totally depends on you, you can set it to 15 minutes, 90 minutes, 36 hours or even longer.
Hope it will help other!
Thanks harsh, Keep up the awesome work!
Thank you for the useful info. 1 question, I’m new to this so I don’t know if we can delete the plugin after changing the login url, can we? I don’t like a cluster in there. Esp when I don’t know it much.
Hey Hena
You have to keep the plugin enabled.
Hi Harsh,
Always when I come to shoutmeloud, I read something new here. This is what I was looking for. By using this plugin, we can quickly secure our WordPress blog.
Most of the plugins I came to know because of you and it worth to get here always. I have a full-time job still, I started my WordPress blog.
You always motivates us, and I think no one will beat you in organic traffic for blogging niche.
Thanks,
Amit
Great resource. You can also hide the login area using htaccess and some rules. Once done, the login path will require a key to be displayed
Hey Harsh
Most of beginner search a way about changing WP admin URL for protect their blogs. So this the most useful guide. Thanks for sharing.
Hi Harsh,
Thanks for sharing this useful article about WP security. It is very much necessary to secure the login and keep it safe as much as possible. I already have experience for this issue for one of my site few years back and restoring it back to normal was tough job. Started using secure plugin to avoid such risk.
I am sure you tip is going to be useful for many bloggers and webmasters using wordpress sites.