WordPress is widely used by many webmasters nowadays thanks to its power and flexibility. You can build almost anything with WordPress, from a blog to a professional eCommerce store. That’s why WordPress sites are the favorite target of hackers.
To list all the WordPress security tips, I may need a book. However, I’m going to show you one very effective tip to improve your site’s security. That is to change the login URL.
The default login URL of any WordPress site
By default, you can login to any wordpress site by typing thesite.com/wp-admin. You will be redirected to thesite.com/wp-login.php. If you leave the login URL as above, the attackers don’t need to do extra work (which is to find your login URL). Thus, they need less time to hack your site. That’s not what you want.
How to change the default login URL of your WordPress site
To change the login URL of your site to something else, simply install a plugin called WPS Hide Login. You can search for that plugin inside your admin area or download it here.
After installing the plugin and activated it, let’s go to Plugins->Installed plugins and find WPS Hide Login:
Let’s click on Settings link under WPS Hide Login. You’ll see a very simple interface.
There are only two fields.
Login URL: this is the new login URL that you want to specify. Make sure you remember your new login URL since the next time you login, /wp-login.php or /wp-admin is not accessible any more.
Redirection URL: The URL that is shown when someone try to access the login page using the old URL (wp-admin, wp-login.php)
Now, let’s save the changes and test the plugin.
Test the new login url
If I go to the new login URL, surely I can see the login form:
If I go to the old login url, I’ll see a different page. In my case, that’s is a 404 page.
The plugin works as expected. That’s great!
What if you forget the new login URL
It is not rare that after you set the new login URL, you can’t remember exactly what it was after a few weeks or a few months. If you are in this situation, don’t worry. You can simply get the old login URL back by login to your server (via FTP or cPanel) and delete the folder wps-hide-login inside wp-content/plugins.
After logging in, you can download the plugin again and set a new login URL.
It is recommended to change the default login URL of your site to something else rather than using the default provided by WordPress. Fortunately, there are plugins available that do this job quickly for us. WP Hide Login is one of the best plugin for this job. In case you forget the new login URL, simply delete this plugin via FTP or cPanel or SSH then you can login to your site via the old login URL again.