A hacker looking to gain access to a WordPress website with brute force will often try to access the website’s login URL. Sadly, it’s pretty easy to find the login URL of any WordPress site except you change it. If you do not change it, anyone can get this URL by simply adding wp-admin to the domain name.
If your admin URL is this easy to find and you use a guessable username and password, then you are done. For instance, some people use WordPress’s default username “admin” till date. It’s just a matter of a few trials before a hacker guesses the password.
As such, changing your WordPress login URL and using a difficult-to-guess username and password will go a long way in keeping hackers off your website.
In this tutorial, we will show you how to change your login URL, quite easily.
- Why change your login URL
- Why you Shouldn’t Change Login URL Manually
- How to change your login URL
Why Change Your WordPress Login URL?
Head over to your browser and type in the following URL, replacing “mywebsite” with your actual website address:
What you’d see is this:
That’s how easy it is to access the login page of your website. With very little effort anybody can access your website just by suffixing /wp-login.php or /wp-admin to your website’s URL.
You may ask: “I use a very strong password and a hard-to-guess username, should I still be bothered?” The answer is yes!
A malicious hacker might not really be interested in hacking into your website, but taking it down. And the way they would do this is by typing the wrong username and password many times. The more they try, the more your website’s server resources would be maxed out, and at some point, the website would go down.
What if you could change the default logins, wp-login.php or wp-admin, to something else? Maybe to something like mysitelogin? Well, you actually can, and you will get to learn how to do so shortly.
Please bear in mind that while changing the default login WP-admin URL might improve its security, it’s not the ultimate WP security tip. There are many more things you need to do so as to make your website more secure. Please read our WordPress Security Guide for more information.
Why you Shouldn’t Change Login URL Manually
While there are a couple of techniques you can use to replace WordPress’ default login, for this tutorial we will be using a plugin. And it’s for a reason.
If you attempted to make the changes manually via FTP, you would succeed. However, you might encounter technical issues afterward. For example, in the event your website gets updated to the latest version of WordPress, the login URL will automatically revert back to defaults. You’d then have to repeat the process again, which will be tedious and redundant.
Second, you may experience issues when you want to log out from your WordPress dashboard. In addition, you might encounter compatibility problems along the way, resulting from altering WordPress core files.
How to Change Your Login URL
Using WordPress plugins not only saves you the troubles mentioned above, but it’s also a straightforward and easy process.
For this tutorial, we would be using the WPS Hide Login plugin. It’s one of the easiest to use and has a 5-star rating on the WordPress plugin directory.
Then navigate to Settings >> WPS Hide Login.
Scroll down to the bottom of the page. In the Login URL field, type in your preferred suffix
You can use just about any word, only ensure it’s something you can remember. In this example, we suffixed “mywebsite” to the website’s URL, thus replacing the default wp-login.php
Anyone who tries to use the wp-login.php or wp-admin suffix to access your login page would be shown the “404 not found” page.
Finally, click the Save Changes button.
To test if it worked, once again type www.mywebsite.com/wp-login.php in your browser. You will get an error message like this:
If for any reason, you decide to revert back to the default login URL, simply uninstall the hide login plugin.
Side Note: If you forget the custom login URL you set, you will not be able to log into your WordPress dashboard. One way to prevent such a scenario from occurring is to bookmark the login URL.
However, if you did not bookmark the URL, you will need to disable the plugin from your server. For this, check our guide to learn how to disable WordPress plugins through FTP.
Because of the popularity of the WordPress platform, and the fact that its code is open source, the risk of getting hacked is a bit high.
However, there are steps you can take to fortify your site and make it secure. Changing the wp-admin URL is a great first step.
There are, however, many more things you can do. Please read our WordPress Security Guide for more information.
Though seemingly simple, this simple hack can greatly help improve your website’s security.
- Cannot Login to WordPress Admin Dashboard? How to fix this issue.
- Adding an Image from a URL
- How To Change A WordPress Theme