The WordPress login page is the most important part of your website, it’s the only thing that can secure or destroy your entire hard work, and if you really want to avoid hacks and problems, you should change the WordPress login URL page and make it secret.
That’s what bloggers and webmasters forget in general and especially when starting a website for the first time. So, let’s secure your admin login page and limit the brute force attacks as maximum as possible.
There are multiple plugins to change the admin login URL page, but most of them will make things complicated and even risk your website’s normal functionality, simply because they will rewrite some URLs and that will create conflicts.
Luckily, there is a great plugin that works smartly and better than the others. Of course, it’s free and downloadable from your dashboard or the WordPress plugins directory. It’s called Rename wp-login.php and you have to use it.
What makes this plugin different is that it simply makes the admin login page ”wp-admin.php” and the ”wp-login.php” page inaccessible for non logged users, at the same time, it will never rewrite your page address.
Best of all, you don’t have to edit any part of your blog or even make any change. To secure your admin login page and change the login URL completely, install that plugin, and create your new URL login page as you want, even, if you want to make it strong as a password, that will be better.
Change your WordPress login URL
If you know how to install and activate plugins, then, you don’t need the next steps, they’re for newbies and I want to show them a detailed tutorial to avoid mistakes. But, remember to add your new login URL to your caching plugin excluded pages if you’re using one of them. Anyway, let’s install the plugin and change your login URL.
To get started, log in to WordPress, and click, “Plugins”, then”, “Add New”:
All you have to do now is to search for “Rename wp-login.php” as next:
The plugins will be listed among others and you should only focus on the exact name, then click, “Install Now”
Please remember that the plugins’ version can be different from the screenshot. Just focus on the exact name to find it. After the installation process that will take a few seconds. You need to activate your new plugin by clicking the “Activate Plugin” link as the screenshot below:
After the activation, the plugin will take you directly to the “Permalinks” under the “Settings” page, where you can create your new login URL. Just scroll down and create a long URL and make it hard to remember even for yourself. The goal is to hide your real login page and hackers will never find it if you create a strong one like the one in the below screenshot:
As you can see, your new login page will be secret, and no one can find it if you keep it in a safe place. You can use any of the popular password manager extensions for your browser. They allow you to keep your login details safe, if you have a Google Chrome or Firefox, search for “password manager” extension, and you will find lots of them. This is just to make sure that you remember your new login address and password.
Very Important: Please remember to add your new login page to the caching plugin excluded pages. You will get a notification message at the top of your admin area saying that you should add the new login address to any of your caching plugin used to make your site faster.
For the WP Super Cache plugin, click “Settings”, then, “wp-super cache”, under your plugin admin, click “Advanced” and scroll down until you see the following settings:
For the W3 Total Cache plugin (if you have it) click “Performance”, then, “Page Cache” and scroll down to find “Never cache the following pages:” as the bellow screenshot, and add your new login URL suffix only:
That’s it, now, you have a new secret login page URL and you’re the only one who can access it, if you have members or editors, you can give them the login address, but make sure to secure it. I hope this tutorial helped and you’ve really learned how to change the WordPress login page Url for better security.
Please note that you will notice no more login attempts that you receive daily from hackers and software, your blog or website is now more secure and you can tell your friends about this method by linking to this post, I’ll appreciate that.