WordPress websites are some of the most vulnerable on the internet.
As the most popular content management system around, and with over 45 million recent version downloads, WordPress’ popularity alone provides hackers plenty of opportunities to hack their way in. Add in the fact that many people are terrible at keeping their software updated (which is just another reason why using managed WordPress hosting is such a good idea), and you have a recipe for disaster.
Of course, there are plenty of ways to improve WordPress site security and keep your data safe. But one of the best ways to thwart hackers and prevent brute force attacks is to simply hide the WordPress login page.
Today we’re going to show you the easiest way to hide your WordPress site’s login page and keep hackers out.
What is a brute force attack?
A brute force attack is a trial and error guessing game that hackers play to get inside the backend of your WordPress website. What are they guessing, you ask? Your login page’s password.
Often carried out by bots or scripts to make things easier (after all, manually trying to crack into websites across the web would take ages), this type of attack is usually directed at website login pages.
Guessing your site’s password combination is not as hard as you might think. In fact, Cloudflare reminds us that given enough time, any password-based system can be cracked using a brute force attack.
Because of this, it’s important site owners take a proactive approach to site security and hide their WordPress login page so no one can ever get in. After all, hackers can’t crack what they can’t find.
Why hide your WordPress login page?
By default, all WordPress websites use identical URL structures for the login page. You know, the one that looks like this:
You can easily access your WordPress website’s login page just by adding the /wp-login.php or /wp-admin to the end of your site’s domain name. This makes it a lot easier for you to find the login page quickly. However, it also makes it a lot easier for hackers to find your website’s login page too.
If you hide your WordPress login page by changing the URL structure, you’ll slow a significant number of hackers down because they just won’t even know the login page exists. And even if they know you use the WordPress CMS, they won’t be able to find it.
How to hide the WordPress login page – the easy way
Today we’re going to show you how to hide the WordPress login page from everyone, including hackers, the easy way using a WordPress plugin called WPS Hide Login. Of course, we’re not saying there aren’t other methods; we just think this one of the easiest and most convenient.
This lightweight plugin is a simple solution for hiding the WordPress login page. It will let you change the login page URL structure without renaming or changing files in the core or rewriting rules – all with one click.
You can set this plugin to work on a single site, but it also works with WordPress multisite, subdomains, and subfolders. And the best part is, even though the plugin works easily across all your sites, each individual website can have its own unique login URL.
Let’s see how it works.
Step 1: Install and activate WPS Hide Login plugin
To install and activate WPS Hide Login on your WordPress website, go to Plugins > Add New in your WordPress dashboard.
Search for ‘WPS Hide Login’ and click Install Now.
Then, click Activate so the plugin will be ready for use.
Step 2: Configure plugin settings
Once WPS Hide Login is installed and activated on your site, go to Settings > WPS Hide Login in the WordPress dashboard to change your login page’s URL. Don’t worry, there is only one thing you have to do.
At the very bottom of the screen, you’ll see a section labeled WPS Hide Login.
Here, you’ll have the option to customize the new URL of your WordPress login page. Just type in the new URL after your website’s domain name.
It’s best to change the URL to something random. Remember, the goal here is to hide the WordPress login page from hackers trying to make their way into your site to wreak havoc. Just make sure you record the new URL after you save your changes. The last thing you want to do is forget your new URL and lose access to your site.
Once you’ve changed your WordPress login page URL, the old one will automatically be disabled. If at any time you want to reverse the changes, just deactivate the WPS Hide Login plugin and the old URL will go back to normal.
And there you have it! You now know the easiest way to hide the WordPress login page from hackers trying to guess their way in.
It’s really important as a website owner to protect your website and all its data. Luckily, there are easy things you can do to stay one step ahead of cybercrime that even the most non-tech savvy person can do. Of course, this strategy will not prevent all brute force attacks on your website. That said, this added layer of security sure makes it a lot harder!