How To Change The Login URL For Better WordPress Security

How To Change The Login URL For Better WordPress Security

0 Comments . 5 February 2021  .  minute read

Disclosure: This article contains affiliate links. When you click these links and make a purchase, I may get a small commission. It won’t cost you anything, but it helps me to run this site.  Find out more.

Changing the default login URL is an effective way to stop the majority of bots who try to gain access to your website.

The normal way to login to WordPress is by calling yourdomain.com/wp-login.php or /wp-admin (which redirects to wp-login.php).

If you were to examine your server’s access logs you will likely see a huge number of entries involving the file wp-login.php. This is because there are bots out there who continuously call this file in hope of guessing the password and gaining entry to your website.

If you have a plugin like Malcare installed the number of times that someone can try to log in are limited because Malcare will block access after a few failed attempts.

Each time wp-login.php is called it puts a strain on your web server. Even though you might be protected with a plugin, it will relieve pressure considerably if you can return a 404 (page not found) response instead.

Fortunately, it is super easy to change the URL because there is a plugin you can install which is effective and lightweight, and it is super-easy to set up, with no technical knowledge required.

Video How to change the Login URL for better security

Don’t have time to read. See this short video instead.

How to change the Login URL for better security with a plugin

Step 1 – Install WPS Hide Login plugin

  • Go to Plugins->Add New and search for wps hide login

You should find that the plugin comes up first in the list.

wps hide login plugin
  • Click Install then Activate

Step 2 – Setup the WPS Hide Login plugin

  • Now visit Settings->WPS Hide Login and scroll down to the bottom of the screen.
  • Set the Login URL. Here you can enter the name for your login URL. This is the URL that you will use to login instead of the normal one. You could leave it at the default ‘login’ or you could change it to something that might be more difficult to guess. Note that the URL you enter here doesn’t need to be an actual page on your website.
  • Set the Redirection URL, i,e the page people will be sent to when they try to access to old URL. This setting is fine left at the default ‘404’. Again this page does not have to exist.
WPS Hide Login settings screen
  • Save your changes.

Step 3 – Login using the new URL

Now, every time you log in yourself, you must remember to use the new URL you set, so if you set the login URL to ‘login’ you would visit https://yourdomain.com/login

Wrapping up

If someone really wanted to hack your website, they could probably find your new login URL without much trouble. We are using security by obscurity here.

However, this little fix is going to deter most of the bots that mindlessly try to login using the standard URL that most WordPress websites use.

If you don’t already have a security plugin such as Malcare installed on your blog, I thoroughly recommend you install it because it will vastly reduce the number of times that a bot or a person can attempt to login.

Proofread with Grammarly

Related posts

Did you love this post? Please share it if you did!

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
>