To help further secure your WordPress installation, it is advisable to change your WordPress login URLs from the default "yourdomain.com/wp-admin" or "yourdomain.com/wp-login.php", to a unique url of your choosing.
This will help to cut down on automated bot login attempts as well as brute force attacks against your WordPress login page.
The easiest way to do this is to set up a plugin within WordPress called
WPS Hide Login which we will show you how to install and set up below.
Please note that there are various other security and login plugins available directly from the WordPress plugin repository which can also help you change the login URL if you do not wish to use the plugin used in this guide.
Installing WPS Hide Login in WordPress:
Firstly you will need to log in your WordPress admin area / dashboard - This will normally be at a URL such as mydomain.com/wp-admin (replacing mydomain.com with your own domain name)
Once logged in, hover over
Plugins on the left menu, then click on the
Add New option.
Next, In the
Search box in the top left of the screen, enter
WPS Hide Login then press enter. This will search for the plugin from the WordPress plugin repository, and also show related plugins in the search result.
You should see
WPS Hide Login appear as the first result. Click on the
Install Now button to install the plugin on WordPress
Once installed, the button will change to a blue
Activate button. Click this to activate the plugin.
This will then take you back to the
Installed Plugins page, where you will see the
WPS Hide Login highlighted blue, to show that it has been activated.
Next we will need to configure the plugin settings in order to change the login url for our WordPress site.
Click on the
Settings link below the
WPS Hide Login plugin.
Note that the plugin settings can be accessed by either the Installed Plugins page, or by going to Settings - WPS Hide Login on the left hand menu of your WordPress dashboard.
You will then be taken to the WordPress General settings page, and see the WPS Hide Login settings. There are two settings that you will need to adjust here:
- Login URL - Enter the URL that you would like to change your WordPress login page to. This will then prevent the default "wp-admin" and "wp-login.php" URLs from being accessible to website visitors. In this example we've set this box to "hidedemo", meaning our WordPress login would now be: mydomain.com/hidedemo rather than mydomain.com/wp-admin.
- Redirection URL - Enter the URL that you would like visitors to be redirected to if they try to access yourdomain.com/wp-admin or yourdomain.com/wp-login.php. By default this is set to "404", and so will go to your sites 404 page. If for example you left this box blank, anyone trying to visit wp-admin or wp-login.php would just be redirected back to your websites homepage.
Once you've chosen the URLs you would like to use, click on the
Save Changes Button to save the settings.
WordPress will then save the WPS Hide Login settings, and display a "Settings Saved" message at the top of the page, along with a link to your new WordPress login URL.
Please be sure to either bookmark the new login link, or make a note of this somewhere.
Note: If you ever forget your custom login URL, or are having issues accessing this, you will need to manually disable the WPS Hide Login plugin. The quickest way to do this would be to access your cPanel File Manager, go in to the folder your site is installed, then go to wp-content/plugins folder and rename (or delete) the folder called wps-hide-login. This then sets your WordPress site back to use yourdomain.com/wp-admin for login.