By default, the address used to log into the WordPress site administration is www.domena.sk/wp-admin, which can be a significant security issue as this address is essentially the same on every WordPress site.
Potential attackers can get to the login page without the slightest problem, so there is nothing stopping them from using it to try different username/password combinations so that they can log into the administration of the WordPress site and then perform various malicious activities on it.
However, if they didn’t know the URL of the login page, they would have no place to test these hacking attempts. So the question is whether it would be better to have a different admin URL for each WordPress site for security reasons. Of course it does.
So how to change wp-admin for something else?
As for everything (almost everything), there are a large number of more or less suitable plugins that will change the login URL. However, I personally recommend only one of them – WPS Hide Login, which is very popular in the WordPress community. It’s simple to configure, but that doesn’t mean it doesn’t do what it’s supposed to do. It does, and very well.
Once it is installed, it needs to be configured:
- In the administration of your WordPress site, go to Settings/WPS Hide Login in the left menu
- In the Login URL line, enter your own login URL name (e.g. my-admin-url) and in the Redirection url line, set the URL to which the visitor will be redirected if they try to open www.domena.sk/wp-admin. I recommend not changing anything and leaving the default “404”.
- Once saved, the login page address will change from www.domena.sk/wp-admin to www.domena.sk/moja-admin-url So no attacker except you will know the correct address for logging into the administration, which will significantly reduce various attempts to hack into your site.
- If you are using a caching plugin on your site, you need to set this new URL to not be cached, but only if you are not using WP Rocket. This one is fully compatible with the WPS Hide Login plugin, it will set it itself. If you are using W3 Total Cache or WP Super Cache, these should display a notification that the URL needs to be exempted from caching, but they won’t set it themselves. For WP Fastest Cache, go to the Exclude tab in the settings and add a new rule:
TIP: 10 tips to secure your WordPress site
I help entrepreneurs on the way to their own website.