Change Your WordPress Login Page

WordPress and Security

WordPress is an open-source framework for building websites that is perfect for most small businesses to build websites that are easy to create and manage.

Open-source, means that the code that makes WordPress run, is actively managed by a large group of volunteer developers that actively identify and resolve issues present in the code that makes WordPress function.

Because of this community of developers, WordPress tends to be a relatively secure platform for building websites. However, there are a few drawbacks inherent in how WordPress works and perhaps none are as frustrating as the default WordPress login page.

The WP-Admin Page

On any WordPress site, by default, the admin login page can be accessed by appending '/wp-admin' to the end of the URL. The presence of this page alone is enough to inform any user that your current site is running WordPress.

Because would-be hackers can typically count on this login page being in the same location for every WordPress site, they will typically attempt to login-in using common combinations of usernames and passwords.

There are several ways to protect yourself from these automated log-in attempts. For one, you should definitely make sure you are utilizing a secure password. It also doesn't hurt to set-up two factor authentication using a security plugin like Sucuri or Solid Security to reduce the risk that a leaked password can provide access to any hacker to your website.

However, it is also worth considering moving the WordPress login page somewhere else entirely. This will drastically reduce the number of bot-login attempts. Keep in mind there are still other default URLs that can be pinged to verify your site is running on WordPress ( /wp-json for instance)

Hide the Login Page

You can use a plugin called, 'WPS Hide Login' to set a new admin login page and to redirect the old '/wp-admin' url to a 404 page.

After installing the plugin, you'll see two fields at the bottom of your "General Settings" page. The first field, login url, allows you to enter the new login url for your website. Now to login to your WordPress site, you would go to the URL you've created rather than the default /wp-admin url.

Below the login url field you'll see a field called "Redirection URL", this field controls where users who attempt to access the default /wp-admin url will end up. In most cases, it is best to set this url to 404. This will result in any user trying to access the default login url being redirected to a 404 error page instead.

Need Help?

You can contact us here.