Or copy link
Copy link
WordPress powers a significant portion of the web making it a prime target for hackers. One common security measure to protect your website is to hide the wp-admin login page. In the meantime, if attackers cannot find your login page easily it becomes harder for them to attempt brute-force attacks or unauthorized logins.
In this post, we will go through several methods to hide wp admin WordPress area of your website making it more difficult for unauthorized access.
Hide wp-admin login does not make it completely inaccessible. Instead, it prevents the standard login path adding an extra layer of security. The default WordPress login URL for example yourdomain.com/wp-admin is a well-known and secure wp admin login that can:
yourdomain.com/wp-admin
If you are comfortable editing files you can manually change the login URL using code snippets. However, plugins provide a more beginner-friendly approach. Some plugins offer additional security measures like login attempt limitation or two-factor authentication alongside URL masking. The following are the methods discussed to protect WordPress admin area:
1. Using Plugins
The easiest way to change WordPress login URL page is by using security plugins. There is a variety of security plugins available for WordPress such as:
How to use WPS Hide Login
Login to your WordPress dashboard. Navigate to the plugin section and search WPS Hide Login, install and activate the plugin.
Go to Settings in WPS Hide Login. Type in a new login URL slug in the provided field then save changes.
2. Manual Method Using .htaccess
For advanced users who prefer not to use a plugin modifying the .htaccess file in your WordPress installation can achieve the same result. For this access your site’s root directory using FTP or File Manager then locate and backup the .htaccess file before editing. Add rewrite rules to redirect users from wp-admin to another URL or a 404 page.
RewriteRule ^new-login$ /wp-login.php?new-login=1 [L,QSA]
Test your new admin URL and ensure it works correctly before logging out.
Secure your Website with Managed WordPress Hosting
Secure your website with Ultahost’s managed WordPress hosting and provide your visitors with the best possible faster page-loading experience.
3. Manual Method Using wp-config
Login to your cPanel, and navigate to the file manager section. Locate the wp-config.php file within the root directory.
wp-config.php
Add the following code snippet before the /* That’s all, stop editing! Happy publishing. */ line:
define('AUTH_COOKIE', 'your_custom_cookie_name'); define('LOGININCOKEE', 'your_custom_cookie_name'); define('NONCE_KEY', 'your_very_long_random_string_here'); define('AUTH_KEY', 'your_very_long_random_string_here'); define('SECURE_AUTH_COOKIE', true); define('FORCE_SSL_LOGIN', true);
Replace your_custom_cookie_name with a unique phrase for your cookies. Generate long, random strings for NONCE_KEY and AUTH_KEY using a secure password generator.
your_custom_cookie_name
NONCE_KEY
AUTH_KEY
Then add the following code in your .htaccess file. Replace your_custom_slug it with your desired login slug for example “my-secure-login”.
your_custom_slug
RewriteEngine On; RewriteBase /; RewriteRule ^wp-admin/ index.php?your_custom_slug=$1 [L];
Save both files. Now, access your wp-admin using the new URL structure like http://yourwebsite.com/your_custom_slug/.
http://yourwebsite.com/your_custom_slug/
4. Change Admin Directory
Another method involves renaming the wp-admin directory itself but be warned; it’s risky and could break your site if not done correctly.
While hiding your admin page can improve security it should be part of a broader security strategy:
Hiding wp-admin is an important security measures to protect your WordPress website from potential threats but it must be done carefully either via plugins or manual methods. Remember while it adds a layer of security it should not be the only precautionary measure in place. Performing these changes can cause issues with your site if not done properly, especially when updating WordPress or its themes and plugins.
While hiding your WordPress admin directory adds a layer of security, it is not a foolproof solution. For comprehensive website security rent a VPS from Ultahost which grants root access and full control over your server environment. This empowers you to implement advanced security measures beyond just hiding wp-admin.
It adds a layer of security by making it harder for hackers to find your WordPress admin login page.
No, it’s simple and can be done with plugins or by editing your website’s files.
No, it only changes the URL of the admin login page, keeping everything else the same.
Yes, you can access it using the new URL you have set up.
While it’s not mandatory it is a good security practice to consider for protecting your website.
When a web page loads the browser interprets its HTML c...
A well-structured WordPress website relies on a clear l...
Controlling access to your website becomes essential fo...
RSS feeds continue to be a stable presence in the const...
Tutor LMS is a Learning Management System plugin in Wor...
An SSL handshake is a process that begins when your bro...
Save my name, email, and website in this browser for the next time I comment.
Δ