By default, the WordPress login URL will be example.com/wp-admin. But at times, you may want to change this because of the uncontrollable hack attempts or numerous bots trying to guess your password by constantly trying different credentials. So, once you decide to change the WordPress login page, most of these problems could be resolved by returning a 404 error on the default WordPress backend login URL. If they cannot access the page, it will be hard to guess the current login page, so they cannot try to hack your website or guess your passwords by brute force attacks.
Change WordPress Login Page
So, we are going to change the default login URL of your website to something that you want it to be using a plugin called WP Hide Login which is a free plugin available in the WordPress plugin repository.
- Install the plugin on your WordPress website.
- Go to Settings > General from the left sidebar.
- Scroll down to the bottom.
- In the WPS Hide Login section, input the new details.
- Save the changes.
That’s it, you can set the redirect URL to 404 page on your website so anyone who tries to access the login page from the default address will be redirected to a 404 page. If you want them to see some other pages on your website, you can also do that.
The plugin is known to cause some issues in rare cases coupled with some specific plugins. If you cannot access your WordPress backend either from the wp-admin page blocked by the plugin or from the new address you just typed in, you might want to disable the plugin manually to get the website working again. But this is extremely rare. If it ever happens, just disable the plugin and diagnose the issue further.
When should you change the WordPress login URL?
Whenever you think that you are under attack reported by the security plugins such as Wordfence. Or when you think that you should protect your website without exposing the login page to the hackers or bots that might cause issues in the future. In these scenarios, you can change your WordPress login URL to something that is less obvious. This will help you to not even give a chance for the hackers to get access to your website. They won’t even be able to input the username and password without a page that has those fields. So the WordPress login URL change is a pretty easy and dope way to block such attempts.
But this doesn’t mean that you should do it all the time and on all of your websites. As the latest WordPress security patches are extremely capable of blocking such brute force attacks with the help of the functions included in plugins like Jetpack that most of the WordPress installations have, you shouldn’t be worrying about losing access to your website as long as you chose a pretty strong, less-obvious password for your WordPress backend access. If the password is very weak or similar to the username you have put, make sure to change it right now and note it down somewhere safe.