To get into your administrative functions you need to log into your site. This is how you add posts, pages, make changes, add plug-ins and, if you have a shop, it’s also how you see orders, close orders, get shipping information, and just about everything important in your site. In short, it’s important. By default, your login URL is https://www.yourdomain.com/wp-admin. That makes sure that you know where to go. The problem is that if we know that, so do hackers. You can make their job harder when you change the WordPress login URL.
Hackers most of the time work by writing automated scripts that search the internet looking for websites and they often try to do what’s called a brute force attack on sites, knowing that many of them don’t properly secure their sites. While that’s a hassle for us, the good news is that the more roadblocks we can put in the way of this automation, the more they are likely to move on and try the next site. There are enough targets out there for them that they want the easy targets, so we need to avoid being that easy target.
The login screen is one of those roadblocks. We can change that default URL to something else, say https://www.yourdomain.com/knockknock This alone will help keep them out. Make sure that you remember the new URL because otherwise, you could lock yourself out of your site. This can be fixed, but it’s a hassle. Unfortunately, security procedures are like that. If you aren’t careful, you can make it difficult for you to get into your own site.
Keep the Bad Guys Out with You Change the WordPress Login URL
This is actually pretty easy. While you can do it manually, it will be overwritten every time you update WordPress, so it’s best to use a plug-in. I have found that WPS Hide Login is an effective, easy plug-in to use. First, you need to go in and add the plug-in. It’s easiest to search for WPS Hide Login. We’ve also linked to it here to make your job easier..
Once that’s installed, make sure to activate it, and then it should take you to the plug-ins menu where you can set the options. (You can find them later if you need them in the Settings menu on the left.) The settings are incredibly easy.
Use the Login URL to change the login URL to whatever you want. For the redirection URL, set the page that you want someone to go to if someone tries to get to the wp-admin page. It defaults to the 404 page. If you’ve never seen that before, it’s the page where you are directed if you ask for a page on a legitimate website that doesn’t exist. While it would be a lot of fun to make a page that says “HA! I’ve hidden my login you dirty jerk!” better just to let a bad guy wonder.
That’s really all there is to it. Now if you want to log onto your page to make changes, go to that new URL. So, in our example, we would go to www.yourdomain.com/knockknock. Otherwise, you can’t log in. A simple change in the WordPress login URL will help keep the bad guys out. Just by making ourselves a more difficult target, they are more likely to move on to the next WordPress site.
This isn’t the only easy thing you can do to keep your site safe. We’ve gathered a few other best practices you can do. Make sure that you regularly backup your site. WordPress is a great system but you need to make sure you do your part not to make your site a target for hackers.