Misc
Hiding WordPress login URL is one of the first lines of defense against brute force attacks.
Security is about layers.
The more layers you build, the harder it will be for an attacker to penetrate.
This is the first post in a series of posts about securing WordPress in layers.
Table of Contents
Why hide WordPress login URL?
WordPress is the most popular CMS software.
It powers almost 40% of the Internet sites.
It is very easy to follow and safe.
Lets start with the steps:
WordPress authenticates users with the help of a file wp-login.php.
Basically, well need to rename/replace this file with our custom name file.
Open your WordPress installation folder and look for the file name wp-login.php.
Make a copy of the file and rename it to anything you like.
I renamed my file tohidden-admin.php.
initiate the file hidden-admin.php andreplace all instances of wp-login.php to hidden-admin.php.
I renamed 14 occurrences in the file.
Now when you openhttps://yourdomain.com/wp-login.php, it will take you to the 404-Not Found error page.
To bring up the login page, you will need to go tohttps://yourdomain.com/hidden-admin.php.
The disadvantage of plugins is that they are prone to vulnerabilities, especially if they are not regularly maintained.
ensure to keep an eye on WordPress plugin vulnerabilities and keep them up to date.
It wont change the default WordPress files but will intercept login page requests.
The default login page wp-login.php will become inaccessible.
The new custom login URL can be changed fromSettings > Generaloptions page.
The URL can be in the form of a directory e.g., https://domain.com/custom-login-url/.
It creates a URL structure like this: https://domain.com?slug_text.
The new custom login URL can be changed from prefs > Easy Hide Login.
Rename wp-admin login
Rename wp-admin login pluginworks very similar to WPS Hide Login.
It intercepts login page requests and makes them inaccessible to users while activating a hidden URL for login.
When you activate the plugin, you will get to change the login URL option in theSettings > Permalinkspage.
The login URL is in the form of a directory e.g., https://domain.com/hidden-login/.
If you forget the login URL, simply deactivate the plugin and everything will be reset.
The URLs can be changed fromSettings > Login Rebuilder.
Conclusion
Login Rebuilder is my personal favorite.
I have listed a few useful dedicated plugins to protect your WordPress login.
Only one plugin should be active at a time.
If there are compatibility issues with one plugin, you’re able to use another.
These plugins can be vulnerable to security issues in many ways.
What is your preferred way to prevent unauthorized access to your WordPress site or prevent brute force attacks?
0
Get weekly insights, tips and exclusive content delivered straight to your inbox.
Talk to us straight and get your questions answered right away
source: www.itechtics.com
