Today, wordpress has become one of the most popular CMS powering millions of websites on the internet and this has posed a significant threat to such websites. Adversaries will want to target this websites and login to alter or do anything malicious to your website.
But now I think one easy way you might avoid this is by changing the default wordpress login which in most cases is yourwebsite.com/wp-admin or yourwebsite.com/login or yourwebsite.com/admin
Since these adversaries use sophiscated tools to try and acquire your passwords using bruteforce, have a different login URL can make this hard for them. This means you can change the URL to whatever it is that you like, say yourwebsite.com/xxwyz
So we can do this with a plugin or without a plugin
Method 1 (Without a plugin)
I will show you how to manually change WordPress login URL without a plugin but before you start altering anything, backup your files. The backup will always save you from a disaster.
Make sue you have a text editor you’re convinient with, I use Notepad++, Sublime Text, Atom – I have used sublime text in this tutorial though.
Let’s do this.
There are 4 things we are going to do:
- Download the ‘wp-login.php’ file.
- Change the login url.
- Upload the new file.
- Test the new file.
Open the downloaded file with sublime text editor(or one that you prefer to edit your text file). From menu bar go to ‘Find > Replace’ and search for ‘wp-login’. Then replace all of the instance with your preferred url (I used ‘wp-new-tg’) and save the file.
Now rename the file with the URL you used.( I renamed it ‘wp-new-tg’.)
Method 2 Using a plugin
There are some obvious reasons why it is better to use a plugin to secure your login URL. Creating a new login path will not give you any issues with your future updates and its a best practice to protect the core.
You might run into compatibility issues with plugins which contain code with wp-login.php. There are lots of trustworthy plugins available in the WordPress plugins directory for free. You can also use .htaccess to secure your login page, but it comes with complexity. Additionally, misuse of rewrite rules can consume all your memory of the server.
The best way to change your login page is that you use a plugin. Let’s check some of those.
- Rename wp login – This is a very lightweight and opensource plugin with so far 2 contributors (as of May 2020). It changes your login URL in one click and easy.
- WPS Hide Login – WPS Hide Login lets you change the login form with a single click. You can set it for your entire network or for a single site. It neither uses redirects nor changes the core files and very lightweight.
- iThemes Security – iThemes Security is another good plugin to change the login URL of your site. Besides it provides you 30+ additional ways to secure and protect your WordPress site.