Having a WordPress website is not that easy. You have to maintain it (keep the plugins updates, clear any errors and keep it optimised).
Also you should protect it from hackers and malicious scripts.
One of the most common and easiest ways in which hackers can get into your WordPress website is by using the Login URL. Surprised?
Why is it so easy? Because it is quite easy to guess the login URL. It is usually www.yourwebsiteurl.com/wp-login.php.
And anyone who uses WordPress probably knows that WP creates a default username called “admin”. And many website owners, leave that username as it is (regardless of they use it or not).
So the job of a hacker gets much easier here. They have a username and all they have to do is just try a password. And they will keep on trying until they break into your site.
Even if the “admin” account doesn’t exist it is not hard for a hacker to crack it. The thing is they will start what is known as a “Brute Force Attack” and this will take a toll on the resource usage of your site (and can take your site down).
Given that WordPress login URL is so easily available for any website, the best way to prevent unwanted login attempts is by changing the login URL.
How to change your WordPress Login URL?
There are many ways to do this. If you are running a WordPress website, you are lucky because there are plugins to do just about everything.
There are multiple plugins for every issue/challenge. So let me share a couple of plugins that you can use (you just need any one) to change your WordPress login URL.
iThemes Security (formerly known as Better WP Security)
This plugin is not just for changing the WP login URL. It does a lot of other things and is a subject for a separate blog post.
Once installed, the plugin immediately scans your WordPress website and lists any issues/warnings.
For instance, if you have not deleted your admin user account (the default one) the plugin alerts you to do so, which is cute.
Install iThemes Security plugin. In order to change your WordPress login URL, go to your WordPress dashboard click on “Settings” under “Security.
You will see a “Go to” drop down. Choose “Hide Login Area” from the dropdown.
You just have to make sure that the check box is ticked – Enable the hide backend feature.
And then provide a login url slug in the box below that. For instance if you give “login” here your WordPress login URL will be http://www.yourwebsite.com/login.
Custom Login URL
This is a simple but effective plugin that get this job done. Once you have installed Custom Login URL, you have to go to Settings > Permalinks.
And if you scroll down a bit, you will see an additional section called “Authentication Permalinks” in the Permalinks page.
You can then change those slugs in the boxes with the slugs of your choice.
Have you changed your WordPress Login URL yet?
Changing your WordPress login URL adds an additional layer of security to your WordPress website.
You can avoid Brute Force attacks and unwanted login attempts to your site by changing your WordPress login URL.
And I’ve shared 2 simple ways to do this (using 2 different plugins). Choose the one that suits you and change your WordPress login URL now.