WordPress is one of most popular platforms that enables anybody to build almost any type of website. To be more exact, it used by tens of millions of people. Hence, WordPress login URL is a primary target of hackers.
Obviously, the default login page can be found by going to login, admin, wp-admin, or wp-login.php. If it is not secured then hackers using a brute force attack can gain access to your website. In this article, we will show how the WordPress login system works and how can you secure your WordPress login page.
WordPress Login Overview
First of all, we have to log in before you can access your WordPress dashboard. The default WordPress login page is certainly pretty simple. There you enter username or email address and password to access to your admin area.
In case you have lost your username or password, it can be recovered.
Using your login page shouldn’t give you any problem anyway. Although, keep in mind your current login URL if you have changed it, or use the default wp-login.php page if not.
Manual Security
By default, the wp-login.php file includes all the code that builds the login page, and loads the login sequence. So, we can copy the code from this file to a new one.
This is simple working but rough way to change the login page URL. To realize it we will need an access to WordPress files and any text editor.
As you can see, entire process consists of 5 steps:
1. Create a new file.Create a new file from a text editor and save it to your website root folder. Name the file, as you want your login to be, for example, newp-login.php.
2. Copy and paste the Code
Open the wp-login.php file, select all code. Then copy it to our newp-login.php file and save new file.
3. Find and replace the string
Using Find-and-Replace feature we replace every instance of “wp-login.php” in our new file with our “newp-login.php”. Similarly, make sure to save it.
4. Delete the wp-login.php file
Well, you can delete wp-login.php file.
5. Test new login URL
Now you should be able to login by navigating to your new URL. For example, http://yoursite/newp-login.php.
Further, we show other methods to change or hide your WordPress login page.
WPS Hide Login
WPS Hide Login is one of plugins, which let you change the login form in a few clicks. For instance, you can install it for a single website or for your network. It should be noted, plugin does not change core files, not use redirects. It just adds a form field into dashboard settings.
Easy Hide Login
Arshid presents another WordPress plugin for WordPress login securing. In general, Easy Hide Login comes with the same functionality as previous plugin. However, it is more lightweight and hence faster.