Having a WordPress website is not that easy. You have to maintain it (keep the plugins updates, clear any errors and keep it optimised).
Also you should protect it from hackers and malicious scripts.
While you are already busy with creating content and maintaining your WordPress website, if you also have to take care of its security, it can become tedious!
One of the most common and easiest ways in which hackers can get into your WordPress website is by using the Login URL. Surprised?
Why is it so easy? Because it is quite easy to guess the login URL. It is usually www.yourwebsiteurl.com/wp-login.php.
And anyone who uses WordPress probably knows that WP creates a default username called “admin”. And many website owners, leave that username as it is (regardless of they use it or not).
So the job of a hacker gets much easier here. They have a username and all they have to do is just try a password. And they will keep on trying until they break into your site.
Even if the “admin” account doesn’t exist it is not hard for a hacker to crack it. The thing is they will start what is known as a “Brute Force Attack” and this will take a toll on the resource usage of your site (and can take your site down).
I’ve discussed about Brute Force Attack and how to overcome it using the Login Lockdown plugin in this post.
Given that WordPress login URL is so easily available for any website, the best way to prevent unwanted login attempts is by changing the login URL.
How to change your WordPress Login URL?
There are many ways to do this. If you are running a WordPress website, you are lucky because there are plugins to do just about everything.
There are multiple plugins for every issue/challenge. So let me share a couple of plugins that you can use (you just need any one) to change your WordPress login URL.
iThemes Security (formerly known as Better WP Security)
This plugin is not just for changing the WP login URL. It does a lot of other things and is a subject for a separate blog post.
Once installed, the plugin immediately scans your WordPress website and lists any issues/warnings.
For instance, if you have not deleted your admin user account (the default one) the plugin alerts you to do so, which is cute.
Install iThemes Security plugin. In order to change your WordPress login URL, go to your WordPress dashboard click on “Settings” under “Security.
You will see a “Go to” drop down. Choose “Hide Login Area” from the dropdown.
You just have to make sure that the check box is ticked – Enable the hide backend feature.
And then provide a login url slug in the box below that. For instance if you give “login” here your WordPress login URL will be http://www.yourwebsite.com/login.
Custom Login URL
This is a simple but effective plugin that get this job done. Once you have installed Custom Login URL, you have to go to Settings > Permalinks.
And if you scroll down a bit, you will see an additional section called “Authentication Permalinks” in the Permalinks page.
You can then change those slugs in the boxes with the slugs of your choice.
Have you changed your WordPress Login URL yet?
Changing your WordPress login URL adds an additional layer of security to your WordPress website.
You can avoid Brute Force attacks and unwanted login attempts to your site by changing your WordPress login URL.
And I’ve shared 2 simple ways to do this (using 2 different plugins). Choose the one that suits you and change your WordPress login URL now.
Hi Jane,
This is very important. Security on WordPress remains a hot issue. Hackers never stop trying to break into any WP blog.
Recently, one of my security tools stopped over 500 attacks in 24 hours. That’s quite scary isn’t it?
I use iThemes Security plugin for many of the things it offers, including login url modification.
Custom Login URL is great for that purpose too but for more options, iThemes is the choice.
I hope you are having a wonderful week Jane
Thanks Jane.
Considering many vulnerabilities in WordPress framework, it’s extremely important to secure it.
I am using the WPS hide login plugin to change my login URL so no other can see that.
I will give a try to iThemes Security plugin too as it seems that it has more functionalities bundled in 1 plugin.
I have heard that changing your wordpress login url can sometimes break your site and sometimes you face trouble logging in. Any thoughts on this?
If done correctly, this shouldn’t be a problem. I’m using the exact same method on a couple of my sites and I’ve had no issues so far!
I was finding a way to increase my security for wordpress from hacking attempts. This is the best solution because almost all wordpress have same login url. Thanks for providing the solution of this problem.
Hew !!
You are a life saver.
I am a beginner and I recently set up my First WordPress Blog and did not have any idea to change the Login URL.
Finally, did it after trying for days.
Thanks ti this guide it was a life saver.
I think it is great step towards increasing your wordpress security. Can you recommend me the best overall security plugin for wordpress?
Its Really good in the terms of security 🙂