In order to access WordPress dashboard, you will have to provide a valid username and a password. When you want to login, you will have to navigate to the form in charge of that. By default, WordPress uses /wp-admin URL to get you to the login form and this can’t be easily changed from general settings.
That means most of the websites powered by WordPress use the same login URL. Since WP is such a popular platform, this becomes a huge vulnerability issue and it’s almost like you’re inviting hackers and different bots to attack you. It is easy to see if a website is run on WordPress and if so, anyone could get access to your login form simply by adding /wp-admin in the address bar.
If you run security tests on your site, login URL will most probably scream for your attention. Now that you’ve realized your site might actually be in danger, you might be wondering how to change that URL.
WPS Hide Login
Instead of tampering with WordPress core files or editing ones on your server, we’re about to tell you about this simple and free plugin which will do the job for you:
- Go to Plugins -> Add New
- Search for “WPS Hide Login”
- Install and activate the plugin
- Navigate to Settings -> General
- Scroll to the bottom where you will find “Login URL” field
- Change the URL to anything you like and save changes
Be creative and choose a unique WordPress login URL which won’t be easily guessable but still have in mind that you need to remember it. Of course, you can bookmark your new URL without problems.
Since the plugin doesn’t actually change any files nor it creates redirect rules, it means it will work flawlessly with any 3rd party plugins which hook into the original login form. Because of that, there really isn’t a reason you shouldn’t change your login URL and make your site a bit safer.
If you have changed your login URL, you might be interested into limiting access to your login site by adding an extra password before it, remove WordPress version from your site or stop showing unnecessary login info.