WordPress Security – Renaming the default WordPress admin login address

Share on facebook
Share on twitter
Share on linkedin

By default all WordPress websites have the same login page address (yourdomain.com/wp-login.php). This means hackers know which page to visit to try and login to your site. With the recent wave of brute force attacks on WordPress sites, where hackers continually access your login page in an attempt to guess your password, it is receommended to change this default login page address to something else of your choosing.

Similair to the article where we discussed changing the default WordPress “admin” username, (which is highly recommended and you should do this ASAP if you haven’t yet), changing the default wp-login.php page address will help greatly with making your WordPress site more secure and is one of the first things that should be done after installing WordPress.

Changing the wp-login.php page to another name is easy thanks to the free plugin – Rename wp-login.php

After installing and activating the Rename wp-login.php plugin, you will be shown the settings page for the plugin which is at the bottom of the Permalink Settings page, which is under Settings > Permalinks on the left menu. You will see the “Login url” text, and beside it your domain names WordPress blog address, followed by “login” in the text field. This is the default setting for the plugin whereby it is renaming the login page to yourdomain.com/login. You can change the “login” text to something else a little harder to guess, for example – “safelogin”.

After clicking “Save Changes” your address of the admin/dashboard page will be updated. Make sure to remember and bookmark this new address you created for when you next login. The old default wp-login.php or wp-admin will now return a 404 not found error message.