WordPress is the most popular CMS (and best in my opinion) around today. However because of this it’s also targeted a lot by Hackers and is easy for their attack bots to find.
One of the many things you can do to make your WordPress website more secure is change your WordPress Login URL to something unique.
Most people don’t do this and therefore the bots know exactly where to find your login page so they can then set about their attack to try and force their way in. If the bots can’t find the login page then they can’t login.
Note this is only one of a number of things you can do to secure your WordPress site, however, it’s a must because once the bots find your login URL they will continue to attack it.
Important: Even though I have tested this process out I do not accept any responsibility for any issues that occur on your site if you follow this process. Please try this out on a test version of your website first like I did.
Ok, so with that said, on we go…
Install iThemes Security (formerly Better WP Security)
To swap your login URL and also make WordPress a bit more secure we are going to use the iThemes Security plugin, which used to be know as Better WP Security.
Install the iThemes Security plugin and activate it
Secure Your Site Now (optional, recommended)
Again make sure you test this out on a test site first before doing it on your live website. Or know what you have to do to restore your WordPress site in event of an issue!
Once installed, click on the Secure Your Site Now
Important First Steps
Follow the 3 steps above. Note:- Backup is very important!
Step 4 is optional. Once all 4 are finished Click Dismiss
Whitelist your IP
Click temporarily whitelist my IP to make sure you don’t lock yourself out for any reason.
Go to Hide Login Area Section
Click the settings TAB and then chose Hide Login Area from the dropdown menu
Hide Login Area
Check the Enable the hide backend feature
Enter the new URL slug for your admin panel. i.e. mysecurewploginthisoneisabitlong
TIP: Ok, my example was a bit extreme, however, I would add something unique here and not use the default of wplogin because it won’t take long for hackers to include this in their attack bots.
Whatever you change it to make sure you make a note somewhere so you don’t forget it 🙂
Click Save All Changes
Log out of the admin panel and then back in using your new admin URL to test it.
That’s it your done.
This process doesn’t not change either the wp-login.php file or wp-config.php files
iThemes Security has a boat load of other features, however we won’t be going into those in this post. If you do chose to explore these do it on a test server first so you don’t affect your live domain
Leave us a comment below and let me know what you think.