WordPress is the leading CMS powering over a million websites. It have come a long way in terms of stability and security. However, being open-source and most-used also make it a target of hacks and breaches. While no method can guarantee 100% security against malicious attacks it always helps to keep as many safeguards as possible. Today we will talk about one such method viz. changing login page url.
As we mentioned earlier WordPress is open-source. Which means everyone knows that the login page url endpoint is wp-admin, now that url is known to everyone it is fairly easy to run a brute force script to crack open the backend panel. To avoid such scenarios we can change the url of login page.
While it can be done programmatically, there is no need to get our hands dirty. We are going to use a popular security plugin: WordPress All in One Security.
Install the plugin either from admin backend or manually via FTP and activate it.
Now, before proceeding, please take a backup of your website in case things go south and you end up locking yourself out. Once you have done that go to admin backend and click on WP Security >>Brute Force menu on sidebar. A new menu page would open, make sure that Rename Login Page tab is active on this page.
You should arrive at admin url customization options as shown in the following screenshot.
Here enter a new url. Make sure to avoid common patterns. Once you have done that save the settings. Make sure to save this url at someplace safe because once settings are saved, you will not be able to login through default url.
To test it, logout and try to access the usual wp-admin link. You should be greeted with a “Not Available” error message. Going forward, in order to login you will need to use the changed url.
Voila! We have successfully changed the login url. Feel free to add your suggestions through comments. See you next time. 🙂