By default, your WordPress admin login URL is set as http://www.yoursite.com/wp-admin or http://www.yoursite.com/wp-login.php, which is short and sweet. However, it is none other than a loop-hole exploited by hackers to invade your website because they do not need to take time to find the door of your website. If there are some people supposing to attack your website, they would like to make every effort to crack password and waste a large amount of your resources as well.
Thus, you should take action to change WordPress admin login URL for better security. To do this, we are going to introduce two methods in this post to help you achieve that goal easily, including the use of HTTPS and the installation for a WordPress plugin.
WordPress Admin Login URL with HTTPS
HTTPS, short for Hyoertext Transfer Protocol Secure, is a communications protocol designed for the improvement of website security, which is recognized as an effective and simple method to protect login information. A WordPress Admin URL with HTTPS is like https://www.yoursite.com/wp-admin. Note that, you are required to install an SSL certificate on the web server at first to enable HTTPS browsing, which is priced from $10/year to $1000/year.
The two wp-config.php constants as below are created for the set of HTTPS admin login URL, including:
define('FORCE_SSL_LOGIN', true); define('FORCE_SSL_ADMIN', true);
Because the first constant is included in the second one, you just need to choose one of them and settle it down. And then, the admin login URL in under the protection of HTTPS.
Change WordPress Admin Login URL by Using Plugin
The use of HTTPS requires expertise for code and ample resources. If you are not the one meeting the requirements, we suggest you to go with a WordPress plugin. Plugin is the easiest method to make a change for WordPress admin login URL, especially for some people lack of technical skills and enough budgets.
There are multiple WordPress plugins designed for the change of admin login URL, such as Lockdown WP Admin, Better WP Security (also called iThemes Security), Rename wp-login.php, and so on. Here, we would like to explain how to change WordPress admin login URL using Better WP Security.
Install & Activate Better WP Security
Login your WordPress dashboard and click Plugins > Search Results. You need to fill Better WP Security in the blank and then click Search Plugins to find this plugin. Click Install Now and finish the installation. Undoubtedly, the whole process is easy to handle, even for beginners.
Once having the installation done, you need to go about Better WP Security activation. Find Better WP Security via Plugins > Installed and activate it in real time.
Set up Better WP Security
Once installing and activating the plugin, you are required to set up it by following the prompts one by one. The first three steps require you to make a backup for the database, enable the Better WP Security to change WordPress core files and secure your website from basic attacks.
If you have complied with the prompts, we suggest you to change the username “Admin” under User. Enter a new username in the blank and click Change Admin Username.
And then you should turn to the section of Hide WordPress Backend. The Hide Backend is created to change the login URL so as not to expose it to potential attackers. Before everything, you need to check the Enable Hide Backend. And then, the new URL slugs for Login, Register and Admin should be filled in the blanks according to your needs. Keep the new URL in mind and don’t forget it.
Besides, you are allowed to limit login attempts in the Login tab. For some attackers trying to login your dashboard and fails to enter the right login information 5 times, they are locked out of the site. It is also a good way to protect your WordPress admin login.