A hacker looking to gain access to a WordPress website with brute force will often try to access the website’s login URL. Sadly, it’s pretty easy to find the login URL of any WP site.
In most cases, anyone can get this URL by adding /wp-admin to the domain name.
If your admin URL is this easy to find and you use a guessable username and password, then you are done for. For instance, some people still use WordPress’ default username “admin” to this day. It’s just a matter of a few tries before a hacker guesses the password. As such, changing your WordPress login URL and using a difficult-to-guess username and password will go a long way in keeping hackers off your website.
In this tutorial, we will show you how to change your login URL.
Why Change Your WordPress Login URL?
Head over to your browser and type in the following URL, replacing “mywebsite” with your actual website address: www.mywebsite.com/wp-login.php
What you’d see is this:
That’s how easy it is to access the login page of your website. With very little effort, anybody can reach your login page just by appending /wp-login.php or /wp-admin to your website’s URL.
You may ask: “I use a very strong password and a hard-to-guess username, should I still be bothered?” The answer is yes!
A malicious hacker might not be interested in breaking into your website at all, only in taking it down. They would do this by submitting the wrong username and password many times. The more they try, the more of your server’s resources are used up, and at some point, the website would go down.
What if you could change the default logins, wp-login.php or wp-admin, to something else? Maybe to something like mysitelogin? Well, you actually can, and you will get to learn how to do so shortly.
Please bear in mind that while changing the default login URL of WordPress might improve its security, it’s not the ultimate WP security tip. There are many more things you need to do so as to make your website more secure. Please read our WordPress Security Guide for more information.
How to Change Your Login URL
While there are a couple of techniques you can use to replace WordPress’ default login, for this tutorial we will be using a plugin, and for good reason.
If you attempted to make the changes manually via FTP, you would succeed. However, you might encounter technical issues afterward. First, when your website gets updated to the latest version of WordPress, the login URL will automatically revert to the default, and you’d then have to repeat the process. Second, you might encounter compatibility problems along the way.
Using WordPress plugins not only saves you these troubles, but it’s also a straightforward and easy process.
For this tutorial, we will be using the WPS Hide Login plugin. It’s one of the easiest to use.
Then navigate to Settings >> WPS Hide Login.
Scroll down to the bottom of the page. In the Login URL field, type in your preferred suffix.
You can use just about any word; just make sure it’s something you can remember. In this example, we suffixed “mywebsite” to the website’s URL, thus replacing the default wp-login.php.
Anyone who tries to use the wp-login.php or wp-admin suffix to access your login page would be shown the “404 not found” page.
Finally, click the Save Changes button.
To test if it worked, once again type www.mywebsite.com/wp-login.php in your browser. You will get an error message like this:
If, for any reason, you decide to revert to the default login URL, simply uninstall the hide login plugin.
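Once the default paths are hidden, requests for /wp-login.php or /wp-admin in your access log are probes rather than real logins, so they are worth counting per client. The Python sketch below is an added example, not part of WordPress or WPS Hide Login; it assumes a combined-format access log in which rejected requests are recorded with a non-2xx status, and the sample lines, IP addresses and threshold are constructed.

```python
import re
from collections import Counter

# Default login paths only: /wp-login.php, /wp-admin, /wp-admin/ (optional query).
# /wp-admin/admin-ajax.php is left out because front-end pages call it.
DEFAULT_LOGIN = re.compile(r"^/(wp-login\.php|wp-admin/?)(\?|$)")

# Combined log format: client IP, timestamp, request line, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [01/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [01/Mar/2024:10:00:03 +0000] "GET /wp-admin/ HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [01/Mar/2024:10:00:04 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 404 512 "-" "-"
198.51.100.20 - - [01/Mar/2024:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "-"
198.51.100.20 - - [01/Mar/2024:10:05:09 +0000] "GET /mywebsite HTTP/1.1" 200 4096 "-" "-"
192.0.2.5 - - [01/Mar/2024:10:06:00 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 200 64 "-" "-"
192.0.2.5 - - [01/Mar/2024:10:06:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "-"
truncated line with no request field
"""

def probes_by_ip(log_text, threshold=3):
    """Return {ip: count} for clients with at least `threshold` rejected
    requests to the default login paths."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, _method, path, status = m.groups()
        # A 2xx on /wp-admin/ is a logged-in admin, not a probe.
        if DEFAULT_LOGIN.match(path) and not status.startswith("2"):
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in sorted(probes_by_ip(SAMPLE_LOG).items()):
        print(f"{ip}: {n} rejected requests to default login paths")
```

Clients that exceed the threshold are candidates for rate limiting or blocking at the web server or firewall.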
Because of the popularity of the WordPress platform, and the fact that its code is open source, the risk of getting hacked is a bit high.
However, there are steps you can take to fortify your site and make it secure. Changing the admin URL is a great first step.
There are, however, many more things you can do. Please read our WordPress Security Guide for more information.
Though seemingly simple, this hack can greatly help improve your website’s security.