True Story: I have a personal blog that’s 15 years old and I started getting brute force attacks, meaning hackers were trying to gain access to my website as an administrator. I’m talking 750 login attempts an hour! Because I have a stellar security plugin, these hackers didn’t succeed but at one point I got locked out of my own website. My own website! That’s what convinced me I needed to do more than just install a security plugin and have a complex password. I needed to change the login URL.
WordPress websites have a default, standard login URL. It’s usually “wp-login” or “wp-admin” tacked on the end of your domain name. So for instance, www.example.com/wp-login or www.example.com/wp-admin. Hackers know this so they’ll try to break into your website by going to your login page and testing out passwords. If they succeed, they can really mess things up by splashing porn across your site, selling black market items, and redirecting to their own website. It’s a nightmare.
However, even if they don’t succeed in guessing/breaking your password, hackers can still mess things up for you by inadvertently denying access to your website because they tripped the security features. That’s what happened to me. I have login limits enabled so even though my password was correct, I still couldn’t log in for 20 minutes. Because I had the standard “wp-admin” page, I realized that needed to go.
Luckily, I had the help of Charlotte web designer Web Symphonies so I changed my login page, and voila! No more getting locked out of my website! The complicated piece here is some web hosts automatically change your WordPress login URL. If you’re not sure whether that’s true for you, ask your favorite NC web design company (us) and we can check.
Use a plugin
Once you’ve determined what your login page is, now it’s time to change it! There are two ways to do so. The first is with a plugin (of course). There are many but WPS Hide Login is a lightweight option. Install, activate the plugin, and then go to Settings > WPS Hide Login. It gives you the option to type in a new login URL and after you save changes, you’re done! Once the plugin is active, you won’t have access to your old login screen, and neither will anyone else. In other words, make sure the new login URL is something you’ll remember!
Edit the code
The other way to change your login URL is to edit your wp-login.php file. You’ll need to access your root folder and search and replace everywhere you find the wp_login_url string with the new login URL. If you’re anything like me, that sounds incredibly intimidating. I worry I’ll mess something up so instead, why not ask for help from a professional that specializes in website design in Charlotte (and beyond)? Contact Web Symphonies and they’ll handle all your coding needs.
Keep it safe with two-factor authentication
Lastly, to keep your website extra, extra secure, you might want two-factor authentication. It requires users to submit more than just their password and this is often a code sent via a text message, email, or app. Bots and hackers can’t recreate that code so only the users you want to have access to your website, will. So there you have it. How and why you should change your WordPress URL login. And if any of this didn’t make sense to you, that’s fine. This Charlotte web design and development firm is available at 704-336-9113. We’d love to hear from you. You can also send us an email if you’d rather.