One of the most common types of hacking on WordPress is a brute force attack. In this kind of attack, a hacker attempts to try various permutations & combinations of usernames & passwords to get inside of your WordPress blog.
Especially when we all know that the common WordPress admin URL is “wp-admin”, any hacker can easily get started with brute force attacking.
There are many free security WordPress plugins out there that help you prevent brute force attacks. One major step you can take right now is by changing the WordPress admin URL. This way, hackers will not be able to find the login link & this reduces the chance of getting attacked.
In this WordPress security series, I will be showing you how you can use two plugins to change your URL. One plugin is simply used to change the login URL of WordPress from a security perspective, and the other one is for improving the user experience.
At the end of this guide, I have also shared more useful resources that you can follow to improve the overall security of your WordPress blog.
So without further delay, let’s learn about some useful plugins to change the WP login URL.
How To Change WP Login URL with WPS Hide Login Plugin:
With over 90,000+ downloads, WPS Hide Login is the simplest & most straightforward WordPress plugin for changing the admin URL. You can install this plugin by searching for “WPS Hide Login” from your WordPress dashboard (here is the WP repo plugin page).
Once you have installed & activated the plugin, go to Settings > General to configure the options. Scroll down & at the bottom, you will see the option to configure the “WPS Hide Login” plugin.
You can put anything in the blank space & that will be your new login URL. For example, in the above screenshot, shoutmeloud.com/logmein is the new WordPress admin login URL.
If you are the only person handling your blog, you can use any word that you can remember or use something like “dsajkuiksdak” & save this unique login URL into your browser bookmark.
The idea is to make your login page hard to discover. This way, you improve your WordPress login page security to a great extent.
It doesn’t literally rename or change any files in the core, nor does it add rewrite rules. It simply intercepts page requests and works with any WordPress website.
If you are looking to do more than simply hardening your WordPress login page security, you should look for the below-mentioned solution. This one helps in better branding of your WordPress login & register page by giving them a memorable page URL.
Changing WordPress Login & Registration URL For Better Branding:
There are a few plugins that let you rename your WordPress login, register, password reset & logout URLs.
This is useful when you have a multi-author blog or are using WordPress in a way where multiple users need to regularly register or log in.
The most popular plugin is iThemes Security, however, it’s not highly recommended as this plugin offers much more than just customizing the URL of your WordPress registration & login page.
The other plugin which is developed just for renaming WordPress admin login, registration & other pages is the Custom Login URL plugin. This is another simple to use plugin.
Once you have the plugin installed & activated, go to Settings > Permalink to configure.
You can rename the login URL, registration URL, lost password URL, logout URL & authentication redirects. Authentication redirects are the URLs which users will be redirected to after logging in or logging out. A simple tweak in this area can be very effective for your WordPress blog branding & security.
While we are on it, you can further customize the look & feel of the login URL. You can use the Tesla Login Customizer plugin or pick any good looking plugin from here.
Conclusion:
From a security perspective, it’s a good idea to change your WP-admin login URL to make it hard for hackers to guess.
This will strengthen the security of your WordPress blog to a great extent. At the same time, if you are running a multi-author blog or using it in a way where you & others need to regularly interact with the login & registration page, use the other plugins to change the URL.
The second option is optional, however, I recommend you implement the first option (change your wp-admin URL) right away for improved security.
Here are some more articles that you should read to learn more about the security of WordPress blogs:
Like this post? Don’t forget to share it!
Hi harsh ji ,
Thanks for this awsome ariticle ,
It’s really helpful to a blogger like me.
Awesome post 🙂
Nice post Harsh on securing WordPress blog by changing WordPress admin URL.
I have already hidden my blog’s login url, but I still get login attempts on day to day basis. 🙁 don’t remember which plugin I used for the same. I guess I will change the url one more time!
thank you for this awesome artice this was very useful
hello harsh,
thanks a lot searching from many days its a needed thing for wordpress for best security and thank you so much keep up thank you soo much
thank you for providing me with such important information as i previously used to work for startup web design company in mumbai ,sadly it didn’t workout now i am starting my own startup , so this information is very much useful for me
Thanks a lot for sharing.
This is very very useful. I’ve been looking for such a way to change the admin login link to work as a security line. I’ve just followed your instructions, and it worked like a charm.
I run a WordPress blog based on Genesis Framework and the outcome is outstanding. Very compatible, highly recommended.
Thanks again for sharing.
All the best!
Harsh, this is an excellent plugin and works like a charm. Thanks for sharing.
Thank you Harsh. I was worried about changing the login URL. Thanks.
thankyou so much for providing such useful details with us.
Hi Harsh,
I was looking for this post for very long.It will provide extra security to my wordpress website.
Thanks for sharing.
Hello Harsh,
Thanks for your excellent article. This is a really helpful article for all the WordPress users. It will increase our security.
Thanx Harsh for sharing this, I have 1 question how to secure website with https://
@Akash
That depends on what hosting are you using. If you are on Bluehost, follow this guide: https://www.shoutmeloud.com/free-ssl-certificate-bluehost-hosting.html
Thanks for such a valuable post about wordpress login, Great info.😄
Great plugin Harash!! looking foreword to implement on my blog and, Btw is there any way to do it manually without using any plugins??
@Santosh
I’m sure there would be a manual way but I haven’t researched about it.
BTW… this information is very helpful. we have faced these issues in past and just because of login change we are very safe now.
Thanks for this useful post. I will try the plugin. I hope number of hacking attempts (as reported by Wordfence plugin) comes down.
Another great and useful post. I think WPS Hide Login is one of the must-have plugin. Thanks 🙂
Hi Harsh once again great information. Will try this plugin. Can you also please tell if we can do it manually also since installing too many plugins can affect site loading time too???
@Amit
This plugin will not affect your loading time. More over, as long as you are using well -coded plugins, it won’t affect anything. You should read this:
https://www.shoutmeloud.com/wordpress-plugin-how-many-plugins-we-should-use.html
Thanks for the reply will surely try it
Thank you for this valuable article, Harsh.
It’s very important to secure your website from spammers.
This method you shared seems simple and straightforward. I’m glad I saw this.