Without a doubt WordPress is the most widely used CMS out there. Well, the fact does not stop there – according to the reports published in April 2013 by a security firm, more than ninety thousand WordPress sites have been hacked. If you run WordPress to power your website, then you must ensure that the best practices are followed to secure it as well. Ok! let’s talk about the title – why changing the WordPress Admin URL is a better idea.
Because, security experts say so and it makes sense as well. If you are an administrator, then only you and your editors are going to login to your website. So, it makes sense that only you guys should know how to login to your site isn’t? It means, anyone who’s not supposed to access the admin page of your website, should not. Also, if a visitor on your site knows that you are using WordPress, then finding the default login URL is not a rocket science.
Technically, changing the WordPress admin/login URL will secure your site from brute force attacks and saves your server resources, which would otherwise be wasted by malicious hackers.
Changing the WordPress login URL will completely hide the backend?
Not really. It’s one of the step to try and hide the backend of your website. But there are plenty out there in the website that can leak information about the site’s backend. For example, the wp-content urls, meta tags, query strings in the URL, footer messages, error messages etc…I guess, you should check this page to learn more about WordPress security.
How to change WordPress Login/Admin URL?
Take a help from popular security plugins. To name, iThemes Security plugin (formerly known as Better WP Security).
Warning: It’s always better to make this change on a fresh WordPress install. However, it should work on existing site as well.
- Download and install iThemes Security Plugin for WordPress.
- After activating the plugin, you may go through several features provided by the plugin. But we are discussing about changing wp-admin/wp-login.php URLs. To do that, click Security > Settings and scroll down to “Hide Login Area” section and check ‘Enable the hide backend feature.’
- Enter URL of your choice under ‘Login Slug‘. Note: Never use words such as login, access, secure, dashboard, private, wplogin etc…Enter something secret and make sure only you and your editors know about it.
- You might also need to check ‘Enable theme compatibility‘ option, if you hit with an error.
- Once done, hit “Save All Changes” button. That’s it!