One of the most common types of hacking on WordPress is a brute force attack. In this kind of attack, a hacker attempts to try various permutations & combinations of usernames & passwords to get inside of your WordPress blog.
Especially when we all know that the common WordPress admin URL is “wp-admin”, any hacker can easily get started with brute force attacking.
There are many free security WordPress plugins out there that help you prevent brute force attacks. One major step you can take right now is by changing the WordPress admin URL. This way, hackers will not be able to find the login link & this reduces the chance of getting attacked.
In this WordPress security series, I will be showing you how you can use two plugins to change your URL. One plugin is simply used to change the login URL of WordPress from a security perspective, and the other one is for improving the user experience.
At the end of this guide, I have also shared more useful resources that you can follow to improve the overall security of your WordPress blog.
So without further delay, let’s learn about some useful plugins to change the WP login URL.
How To Change WP Login URL with WPS Hide Login Plugin:
With over 90,000+ downloads, WPS Hide Login is the simplest & most straightforward WordPress plugin for changing the admin URL. You can install this plugin by searching for “WPS Hide Login” from your WordPress dashboard (here is the WP repo plugin page).
Once you have installed & activated the plugin, go to Settings > General to configure the options. Scroll down & at the bottom, you will see the option to configure the “WPS Hide Login” plugin.
You can put anything in the blank space & that will be your new login URL. For example, in the above screenshot, wpsaviour.com/logmein is the new WordPress admin login URL.
If you are the only person handling your blog, you can use any word that you can remember or use something like “dsajkuiksdak” & save this unique login URL into your browser bookmark.
The idea is to make your login page hard to discover. This way, you improve your WordPress login page security to a great extent.
It doesn’t literally rename or change any files in the core, nor does it add rewrite rules. It simply intercepts page requests and works with any WordPress website.
If you are looking to do more than simply hardening your WordPress login page security, you should look for the below-mentioned solution. This one helps in better branding of your WordPress login & register page by giving them a memorable page URL.
Changing WordPress Login & Registration URL For Better Branding:
There are a few plugins that let you rename your WordPress login, register, password reset & logout URLs.
This is useful when you have a multi-author blog or are using WordPress in a way where multiple users need to regularly register or log in.
The most popular plugin is iThemes Security, however it’s not highly recommended as this plugin offers much more than just customizing the URL of your WordPress registration & login page.
The other plugin which is developed just for renaming WordPress admin login, registration & other pages is the Custom Login URL plugin. This is another simple to use plugin.
Once you have the plugin installed & activated, go to Settings > Permalink to configure.
You can rename the login URL, registration URL, lost password URL, logout URL & authentication redirects. Authentication redirects are the URLs which users will be redirected to after loggin in or logging out. A simple tweak in this area can be very effective for your WordPress blog branding & security.
While we are on it, you can further customize the look & feel of the login URL. You can use the Tesla Login Customizer plugin or pick any good looking plugin from here.
From a security perspective, it’s a good idea to change your WP-admin login URL to make it hard for hackers to guess.
This will strengthen the security of your WordPress blog to a great extent. At the same time, if you are running a multi-author blog or using it in a way where you & others need to regularly interact with the login & registration page, use the other plugins to change the URL.
The second option is optional, however I recommend you implement the first option (change your wp-admin URL) right away for improved security.