One aspect of WordPress that sadly doesn’t help keep your site safe from attack is that the login page is always the same: wp-login.php .
Just add this string to the domain, and attackers can try to guess your password.
The first piece of advice I give you is to choose secure usernames and passwords. The admin – 123456 combination is to be avoided like the plague!
The second tip is to disguise your login page URL.
Here’s how to do it with the WPS Hide Login plugin .
To make WordPress more secure, use WPS Hide Login
Let’s see what the WPS Hide Login plugin is for.
Simply put, this plugin helps you protect your site from unauthorized access by editing the wp-login.php file and, in fact, replacing the access urls to the Dashboard with a custom url (therefore, they will no longer be the usual / wp-admin and / wp-login ).
This way, hackers who try to ‘hack’ your site will find it more difficult to locate the login page. This tool can prove particularly effective for protect your site from automated bots, who try to access WordPress sites by testing a sequence, in a very fast and automatic way, the most common credentials used by users.
Remember admin – 123456? Here, they would succeed on the first try.
But with this plugin, any bot that searches for your site’s / wp-admin page will immediately find a blocking point, as they won’t encounter any login forms.
Let’s see now how you can implement the functionality offered by this plugin on your site as well.
Install and activate WPS Hide Login
WPS Hide Login is available within the free WordPress plugins directory. You can then search for it directly from the Dashboard, install and activate it.
If you prefer, you can also download the plugin .zip folder from the official WordPress site and manually upload it to your site.
Configure the plugin
Setting up WPS Hide Login is very simple. Once the plugin is activated, navigate to Settings> WPS Hide Login or from the Settings> General section and then scrolling to the end of the page, to the WPS Hide Login.
Here you can enter the new URL to use for the login page to your WordPress site.
Also enter the page you want to set up for the redirect from wp-login.php . You can enter your 404 page, the site home or any other page.
The rest is all done by the plugin. At any time, you can change your login URL again by returning to this settings screen.
Some precautions to be taken in the configuration and use of the plugin
1) Make a note of the URL
The new URL inserted in WPS Hide Login will be, once the new setting has been saved, the only access point to your site. So be sure to take note!
If you forget your login URL, you can still disable it WPS Hide Login via File Manager or FTP.
2) Disable the cache for the login page
If you use a caching tool, such as W3 Total Cache , WP Super Cache or others, great! It means that you have taken an important step to improve the performance of your site.
But if you choose to use WPS Hide Login, be sure to exclude the URL of the new login page to your site from the cache.
If you use WP Rocket , this is already configured so that the new login page is automatically excluded from the cache. W3 Total Cache and WP Super Cache will instead pop up a notification. In any case, be sure to work on this setup as there may otherwise be login issues.
3) Pay attention to the .htaccess file
If you use other plugins that modify the .htaccess file , or if you modify it manually, errors may occur regarding WPS Hide Login. Simply put, you may be locked out of the site.
If you suspect that a plugin you are about to install is affecting the .htaccess file, try contacting the developer of WPS Hide Login and that of the new plugin you want to use, to check the compatibility of the two tools.
4) However, take other security measures
To use WPS Hide Login it’s just one of the many methods available to you to make WordPress more secure.
Another way to secure your WordPress website is to change your WordPress account password regularly. For example, every three months.
In this guide we have seen how to make WordPress more secure through using WPS Hide Login. This tool allows you to ‘sidetrack’ potential hackers and bots by changing the URL of the login page to your WordPress site.