According to Forbes, 30,000 new websites are hacked every day.
We Safely Remove Any Malicious Code in Your Site Database!
We will perform a scan of all your website files including WordPress, your themes, and plugins, and check them for malicious code..
There are many recommendations on how to tighten the security of the WordPress website. But one of the basic WordPress security recommendations is to change the WordPress login URL.
To get to the login form, all WordPress installations have the same URL (mysite.com/wp-login.php). It’s like saying to all robots and hackers, “This is where you enter.”
So in this post, we will learn how to change the WordPress login URL and limit login attempts on WordPress.
Why Should You Change the Default Login URL?
- Some robots continuously scan one website after another in search of default access routes to later carry out brute force attacks, and they do not care if your website has 2 daily visits or 1000.
- You make it easier for hackers because they don’t even have to look for the login URL, and it is also clear that you use WordPress, which gives them clues to use other methods to sneak into your website.
- Curious people who are tempted to try to enter. I myself have used the method of putting the login URL to see if a website was made with WordPress until I discovered that there is an extension and even a website for that.
Being able to put obstacles to those who try to access your website without permission, why not do it?
Change WordPress Login URL with WPS Hide Login
It’s the easiest way to do it, and you just have to install a plugin and specify the new path.
Follow the given below steps to change the WordPress login URL using the WPS Hide Login plugin:
Step 1: First of all, install and activate WPS Hide Plugin. Go to Plugins > Add New > in the search bar, you write “WPS Hide Login” and hit the search button.
Step 2: Go to Settings » General, below the option Login URL appears. Write your new URL in the box to enter the WordPress login. You must remember or write down the URL you put there. Finally, you click save, and that’s it.
There are many WordPress plugins to change the login URL, but after searching through the different plugins, I stick with WPS Hide Login for several reasons:
- It is light and does just what is needed.
- Very simple to use and beginner-friendly.
- All opinions are positive, and it has a 5-star rating.
- It is compatible with the latest version of WordPress.
- It has recent updates.
Redirect User After Login WordPress
If you or anyone try to log in with the address of /wp-login.php or /admin, they will end up on the 404 error page.
If you deactivate the plugin, everything goes back to how it was before.
How to Find Login URL If You Have Forgotten the Access URL?
Now you learned how to change the WordPress login URL and have your own desired login URL, but what if you forget the login URL?
If that happens to you, you will have to deactivate the plugin manually through FTP or from your hosting file manager.
Access the wp-content -> plugins -> folder and DELETE the WPS Hide Login folder.
In this way, you will deactivate the plugin, and you will be able to reaccess it with the classic /wp-admin. Well, that’s it for this short tutorial on how to change the WordPress access URL.
Watch the below given video to learn how to delete or deactivate a plugin from cPanel:
How to Limit Login Attempts on WordPress
Sometimes, we have to limit login attempts on our WordPress website so that if a hacker or bot tries to mesh with the site, they can not do that.
To limit login attempts in WordPress, we will use the plugin called Limit Login Attempts Reloaded. I have tried several plugins of this type, and this is the one that I liked the most in its free version.
Once installed and activated, we can find its options in Settings > Limit Login Attempts. Once inside, we can choose the number of attempts allowed, the blocking time after spending that number of attempts, etc.
Just configure settings as given below:
In the Local App section, allowed retries mean how many times a user can try to log in with the wrong password. It is 4 by default. If someone enters the wrong password 4 times, they have to wait 20 minutes as 20 filled-in minutes lockout box.
And if someone has been locked out 4 times, the plugin will not allow the user to attempt to log in for 24 hours.
Best Plugins to Change WordPress Login URL
1. iThemes Security
iThemes security is one of the best security plugins with more than 1 Million active installations and 5 stars rated by more than 3300 users.
Along with Change Login URL, it has many features to make your website even more secure.
How to Change Login URL Using iThemes Security Plugin
To change the login URL of your WordPress website with the iThemes Security plugin, just install and activate the plugin and follow the below-given steps:
Step 1: Go to Security > Advanced > then Hide Backend.
Step 2: Enable this hide backend by checking that option.
Step 3: Now, enter your desired new login URL in the Login Slug. This plugin will not use default login URLs like wp-login.php, log in, etc.
Step 4: And hit the save button. That’s it.
2. Change wp-admin Login
Change wp-login is really simple and a lightweight plugin with more than 70,000 active installations and works with all WordPress websites. And it is tested with WordPress version 6.0.
One of the best things about this plugin is it does not change files in the core to change the login URL. Once you install and activate the plugin, the wp-login.php page will become unavailable.
How to Change Login URL Using Change wp-admin Login
Step 1: Just install and activate the Change wp-login plugin.
Step 2: Now head over to Settings > Permalinks and scroll down to see the Change wp-admin login section.
Step 3: Just enter your new login URL and hit the Save Changes button. That’s it.
Just open a new private window, check the new login page, and check the old login page to ensure the new one is working and the old one is unavailable.
Disable this plugin brings your default login page as it was before.
Conclusion
These are the best practices you can do to add a security layer to your WordPress website. You can change the default login URL, redirect a user after logging in, limit login attempts, etc.
I hope this article helps you learn how to change the login URL of your WordPress website and how you can limit login attempts.
If you are stuck somewhere in the process, don’t hesitate to leave a comment below. Love to discuss.
