In the novice hacker’s manual one of the first exercises by far should be to brute force your way into a WordPress site from the login screen, which by default will always be at https://domain.com/wp-login.php.
So they just have to start up their URL monitor with wp-login.php and start launching brute force attacks on every website that has that URL accessible.
It is for this reason that one of the first lines of defense for any WordPress site should be to hide or change the WordPress admin access URL, or protect access by double-checking.
Today we’re going to learn the former: hiding or changing the WordPress admin access URL.
Table of Contents
Change and hide WordPress login URL with plugins
One of the easiest and risk-free ways to change and hide the WordPress admin url is to do it with plugins.
You avoid having to modify WordPress core or server files, and you can always change a plugin easily, plus the developers will take care of updating their plugin as security needs or improvements requested by users grow.
The best thing is that there are many plugins for this security purpose…
There are no problems as long as they work well, and the ones I am going to recommend below all work perfectly.
WPS Hide Login
This is one of the most popular and easy to use plugins for this purpose of changing/hiding the WordPress login URL.
As soon as you install and activate it, go through its settings, which you will find at the bottom of the WordPress general settings screen (I love it), choose the new URL and the URL to which you want to send those who try to access the default login screen.
Save the changes and you’re done. Who said it was hard?
SG Security
The security plugin created by SiteGround, available for any WordPress installation, not only websites hosted on their servers, also incorporates, in addition to double verification, the ability to change the access URL, including the registration URL among its tools.
All In One WP Security & Firewall
Also this popular security plugin offers the feature to hide the WordPress login URL.
Go to the brute force settings and you will find it there. Just activate the tool, choose the new URL and save the changes.
Change and hide the WordPress login URL from .Htaccess
If you are one of those who prefer to have all your codes under control and not rely on third parties, you may have wondered if there are other ways to change the WordPress login URL.
And yes, indeed, one of them is to change the access URL to the WordPress administration on an Apache server using the .htaccess file.
Here’s the code you’ve been waiting for:
# BEGIN Hide URL login WPhelp
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^your_custom_url/?$ /wp-login.php?secret_password [R,L]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^your_custom_url/?$ /wp-login.php?secret_password&redirect_to=/wp-admin/ [R,L]
RewriteRule ^your_custom_url/?$ /wp-admin/?secret_password [R,L]
RewriteCond %{SCRIPT_FILENAME} !^(.*)admin-ajax\.php
RewriteCond %{HTTP_REFERER} !^(.*)yourdomain.com/wp-admin
RewriteCond %{HTTP_REFERER} !^(.*)yourdomain.com/wp-login\.php
RewriteCond %{HTTP_REFERER} !^(.*)yourdomain.com/your_custom_url
RewriteCond %{QUERY_STRING} !^secret_password
RewriteCond %{QUERY_STRING} !^action=logout
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{QUERY_STRING} !^action=postpass
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^.*wp-admin/?|^.*wp-login\.php /not_found [R,L]
RewriteCond %{QUERY_STRING} ^loggedout=true
RewriteRule ^.*$ /wp-login.php?secret_password [R,L]
</IfModule>
# END Hide URL login WPhelpCode language: PHP (php)What should you change in the above code?
For the above code to work correctly you must change some values:
your_url_custom– This will be your new URL to access the site administration. Create your own, for exampledesktoporcontrol_panelormy_homeor something like that. Try to make it unique because today’s bots learn fairly quickly the most used login addresses.yourdomain.com– Your web address, without https://. Change it to yours.secret_password– This should be replaced with a secret key you create. It should be a string of letters and numbers in random order preferably. For example,92dkew1e9383d4wjpeor something similar. Keep it in a safe place in case you need or want to change it.
When you save the changes the login page will be at yourdomain.com/custom_url, for example – wphelp.com/my_home.
I’ve tested it and it works great, showing an error if you try to access the default WordPress login and admin URLs.
Hello,
I try to change the ht but I don’t find anything. Take a look here: https://ibb.co/dQfVDh6
How can i change the url without any plugins?
Thank you