As a measure to improve website security, one of the steps you could take would be to change the login URL so you can avoid spam login attempts and prevent potential hacks.
If you are using a WordPress website, the default login URL is www.domainname.com/wp-login.php which is not ideal as it’s easily identifiable.
In this article, we will take you through the steps to change the login URL and create a custom one on WordPress. We’ll also discuss why adding a custom URL will improve the browsing experience for your visitors.
Importance of changing the login URL
Over 40% of websites run on the most popular CMS platform, WordPress. Due to its popularity, hackers frequently attempt to access your dashboard using methods like brute force attacks.
There are mainly two ways to login to a WordPress website and they are the standard login URLs, i.e. “/wp-admin/” or “/wp-login/.” You would probably agree that the high security risk is caused by the fact that these URLs are fairly obvious and simple to remember.
Although WordPress does not offer the option to customize the Login URL, you can use the process described in this article to do so for your website.
You can increase the security of your website and make it more challenging for hackers to access it by changing the URL of the WordPress login page.
Here’s why you should consider changing the login URL on WordPress:
Prevent Any Form of Brute Force Attacks
Brute force attacks are a type of cyber-attack in which hackers use software to enter different combinations of spinning characters to discover your website’s password.
Setting up a distinct login URL makes life more difficult for hackers, prevents unwanted clutter on your website and improves the overall security of your website.
Speed Up Your Website
Closely related to the previous point about brute force attacks, changing the login URL can prevent unnecessary use of server resources as you will now be eliminating these attacks. This will result in an improvement in page speed.
How to change the login URL on WordPress?
If your website is built on WordPress, one of the easiest ways to change the login URL is by using a plugin. Below are some of the plugins you can use:
Change the login URL with WPS Hide Login
This is a popular plugin to change login URL on WordPress with over 1M active downloads. It’s a lightweight plugin, has great reviews, and the developer often updates it. Once you’ve downloaded and activated the plugin:
Go to Settings > General in your WordPress dashboard.
Scroll right to the bottom until you see a section called WPS Hide Login which should look something like this,
You can configure a new login page URL by typing it after your website’s domain name. In the Redirection URL field, enter the URL path you want to redirect people to who attempt to log in to the website.
Change the login URL with iThemes Security
iThemes Security is another great plugin that helps add another level of security to your WordPress website. To change the login URL with iThemes Security, download and activate the plugin and go to Security > Advanced > Hide Backend
You will then be directed to a pop-up where you’ll be able to change the login URL as you wish. Once done, click “Save Settings” and you’re good to go.
Change the login URL with All-In-One Security (AIOS)
This is another popular plugin that provides a comprehensive security solution across different domains. One of them is the ability to change the login URL. Simply download and activate the plugin, click on WP Security > Brute Force in your WordPress dashboard.
You will see a tab named “Rename Login Page
Check the “Enable Rename Login Page Feature” checkbox and then enter a new login page URL then click “Save Settings”.
Few important points to note
First, once you activate this plugin, you can’t access the admin panel using the default login URLs. WPS Hide Login defaults to /login. This happens immediately after activation, before you customize the default login URL. Therefore it’s important that you take note of the new login URL (maybe use a password manager) else you will not be able to login to the website.
Afterall, you’re trying to make your team/clients’ lives easier and hackers’ lives harder. Don’t lock yourself out of your site.
Second, if you deactivate the plugin, your site will use wp-admin and wp-login.php again.
Finally, you could also choose to change the login URL without a plugin (the hard code method) though it’s not highly recommended. However, if you feel comfortable going down this route, you are more than welcome to do it.