No website is free from cyber threats. If you are a website owner or stored files anywhere on the web, you may be a victim of hacking tomorrow.
WordPress luckily provides a chance to protect your website through default configurations and security plugins. Thus you can prevent hackers from initiating malicious attacks on your site.
In a recent post, we explained how to limit login attempts and protect your WordPress blog from being hacked.
Now we came with a different method to avoid repeated failed login attempts from the strangers who are not supposed to do. Change default login URL of your site.
www.example.com/wp-login, www.example.com/wp-admin are the common login URLs in WordPress. They are easy to guess by anyone with a basic knowledge of the platform. If criminals found your website is running on WordPress, they will open your default login address and start testing various password combinations to steal the site.
As an admin, you can hide the login page from them by moving it to a different URL. This process helps you reduce the login attacks and protect the site to some extent.
All In One WP Security & Firewall plugin on your blog first. It is a free, brilliant plugin to secure your WordPress contents in several ways.
After activating the plugin, you will see a new menu on the left sidebar with the name WP Security. Choose Brute Force sub menu to rename your login page URL.
Read the warning message carefully and make sure that your hosting provider is not performing server caching on the renamed login page. You may not face any such issues in a common WordPress site. We activated the feature in our demo site and which is working fine there.
Check the box to enable the feature. Enter a string in the next field to customize your login address. It should be difficult to identify by others. Memorize or note down the new URL in a notepad file and Save settings.
If you are planning to uninstall the plugin at a later moment, make sure that you have reverted changes and using default login page for the site.