Usually, the default URLs through which you can log in to WordPress are: yourdomain.com/wp-admin/ or yourdomain.com/wp-login.php/.
Now, some of you might want to change that. Why? you ask. Well, let me give you a couple of reasons.
If you have a membership website, it’s most likely that your members will log in using the WordPress form, so if you keep the default URL, it might look unprofessional and / or strange to some of them, especially to those that are not familiar with WordPress at all.
Therefore, you might want to change it to something like /user-login/, /member-area/, etc.
This should be the main reason why you’d change your login URL, because it adds another layer of security to your WordPress website. You can never have too many layers of security to your website, or even in general, right?
By having a custom login URL, you’ll make it harder to find by automated attacks, such as brute force attacks, which are the most common type of website security breach.
There are hackers which are enjoying hacking WordPress websites in bulk. They send brute force attacks to try different combinations for:
- Your login URL;
- Your username;
- Your password.
Now, first they’ll check for the obvious /wp-admin/ and /wp-login.php/ login URL, so if you use that, they just found it in several seconds, thus successfully checking 1 out of 3 steps.
Then they’ll go for the username, and if you have something like “Admin”, they just completed 2 out of 3 steps in another several seconds.
If you also have a password like “admin123”, then your site will most likely get hacked.
Changing the URL and using strong usernames and passwords doesn’t mean you won’t get hacked 100%, but it will take more than an average hacker, which also has free time and targets you personally, not WordPress sites in bulk.
Of course, there are a lot of other means to hack a website, that’s why you should always use a security plugin, like iThemes Security (try iThemes Security Pro for extra safety and features) or Wordfence.
In addition to that, you can also use some external security, like SiteLock.
Also, some web hosts might offer built-in security tools. For example, SiteGround offers a tool called SG Site Scanner, which is powered by Sucuri.
Changing your WordPress login URL with WPS Hide Login
WPS Hide Login is a very simple plugin, which will get the job done right away.
All you have to do is to install it, then go to Settings -> General, scroll at the bottom, and then change your login URL with whatever you want (don’t use special characters, like ^&8]’ and so on). That’s it!
- The plugin is set to instantly change your login URL to /login/ after you install it, so if you happen to just install and activate it, and then log out, the next time you’ll have to log in using yourdomain.com/login/;
- Some security plugins, like iThemes Security, might have this feature already built-in, so you won’t need to install this plugin or other. Make sure you check your security plugin’s settings;
- Changing your login URL might end up in conflict with some themes and plugins that hardcoded wp-login.php. It’s not the plugin’s fault. It recently happened to me with a theme I was working on. I changed the URL, I could log in, but every time I logged out, 20 fatal errors kept popping up. I can’t do anything about it until the theme developers make some changes with the code.
That’s a wrap
Hope you found the article useful!
Don’t forget to share!