How to change the WordPress admin login page?

Listen to this article

How to Change the WordPress Admin Login Page? Or in simple terms, the URL of the WordPress admin login page? After installing the WordPress core, you will immediately be faced with the standard login page for the admin panel of a WordPress website. By default, you can access almost everything on your site.

Eg:

• /wp-login.php
• /wp-admin
• /wp-comments-post.php
• /wp-content/plugins/ubh/up.php/.well-known/
• /wp-content/export.php
• /local.php
• /wp-includes/images/wlw/content.php
• /content.php
• /wp-content/uploads/assignments/rqrubrhdw.php.

All these addresses are added at the end of the main domain https://site.ru/ - then the corresponding path. I highly recommend not repeating this on my site. The site's security system will immediately block you forever. Keep this in mind. This is a very small excerpt from the list of my daily website traffic (all ip-addresses from this list are blocked). Previously, I did not think about the security of my site, this led to disastrous consequences. Rakes teach us.

CMS WordPress is one of the most famous and popular content management systems. This popularity leads to big problems with hack attacks. One of them is called brute force attack (brute force is a brute force attack that targets the WordPress admin login page. Therefore, I decided to tell you how you can change the admin panel login url. Let's get started.

The content of the article:

• Why Change the WordPress Admin Login Page URL?
• How to protect your WordPress site from brute force attacks?
• How to Change the WordPress Admin Login Page - The Best Plugin
• Conclusion

Why Change the WordPress Admin Login Page URL?

Good question! Really why? Brute attack the main reason to change the login page in the site admin panel. What is a brute force attack in WordPress? A WordPress brute force attack is when a hacker tries to access the wp-admin of a site by trying to guess the login credentials of a legitimate user account. Brute force attacks use bots that brute force hundreds, thousands, and sometimes millions of passwords on the wp-login page in an attempt to guess the right one.

Brute force attacks are not only dangerous for a website if successful, but also have a huge impact on website performance. The attack uses server resources and may even crash the site. My site is attacked daily by hundreds of bots that scan all possible combinations of directory addresses, as well as the admin panel login page at /wp-login.php and /wp-admin/. These bots can sneak around all day until they find a vulnerable access point to your site's internal content. Take a look at my journal:

What are hacker bots scanning on your site?

Here is an example:

• /wp-login.php
• /wp-admin/
• /wp-content/export.php
• /local.php
• /baindex.php
• /wp-content/themes/zakra/image.php
• /gank.php.php
• /wp-includes/Text/Diff/radio.php
• /wp-content/languages/themes/radio.php
• /content.php
• /radio.php
• /plugins/system/debug/debug.xml
• /administrator/language/en-GB/en-GB.xml
• /old-index.php
• /fw.php
• /site/wp-class.php
• /wp/wp-includes/wp-class.php
• /wp-includes/wp-class.php

I'm not just listing all of this for you. I do this so that you have a maximum understanding of the whole problem related to the security of our sites. And we need to make it as difficult as possible to access our website login pages. The best option is to hide/change the WordPress admin login page.

How to protect your WordPress site from brute force attacks?

The most effective way to protect our sites from attacks brute force - limit the number of login attempts or completely block unwanted ip-addresses. By default, WordPress allows unlimited login attempts, so you can use security plugins to protect your site from attacks using brute force.

In addition to login protection, security plugins include bot protection and an advanced firewall that help protect your site and mitigate the detrimental effects of a brute force attack.

How to Change the WordPress Admin Login Page - The Best Plugin

The first thing I want to warn you! It is extremely important to write down the new url of your admin login page. If God forbid you forget it, it will lead to serious consequences.

Now I will briefly talk about one very good security plugin that I use in conjunction with another equally good one. Since they have the necessary functionality to ensure the security of my site. By using this plugin, you can easily change the WordPress admin login url with little effort. And the second plugin will help to strengthen the protection many times over.

All In One WP Security plugin for WordPress

Plugin All In One WordPress Security - presents your site with unsurpassed protection, one might say for nothing. It was created by experts in the field, and has constant security updates. This plugin is very effective in terms of website protection.

All In One WP Security has a huge number of annotated settings where you can see each security add-on you want to apply to your site. Most of the rules of this plugin take effect when the .htaccess file is overwritten. Here are some features of this plugin that we need:

User account and login security

• In this case, we need from him to change the login page for the admin panel, and oh yes, he can do it. All In One WP Security does a great job with this task, your login page will open at the address that you specified. This is an extreme measure that allows you to completely protect the entrance to the site from hacks. Thus, brute force attacks, you will no longer be afraid.
• Another very useful feature is hiding your site directories. The plugin simply redirects bots to the 404 page, or to another page you specify.
• All In One WP Security as well as Wordfence (the second plugin I'll cover below) has an activity log that captures bots trying to infiltrate your site.

You can talk about him for a very long time, here are the main tools that he has:

1. User authorization settings;
2. User registration settings;
3. Database protection (where you can also change the database prefix from wp_ to something else);
4. Protection of the site's file system (closing the site's file editors in the admin panel);
5. Black list of ip addresses;
6. Firewall;
7. Protection against brute force attacks;
8. Spam protection;
9. Site scanner, for malicious code or changes in files;
10. It even has copy protection features, right click blocking.

How to change admin login page with All In One WP Security?

Easily!

1. Install the plugin from the WordPress repository on your site.
2. Activate the plugin on the site, the free version also has a lot of settings.
3. Go to the "Protection against brute force attacks" section from the sidebar of your admin panel.
4. You are interested in the “Rename login page” tab
5. Scroll the mouse wheel down, check the box if you want to activate the login page rename function.
6. Enter a string that will represent the slug of your secure login page. I advise you to choose something that is difficult to guess and only you remember.
7. Then save

That's all, everything is very simple to do. The plugin also allows you to redirect malicious bots trying to navigate to your site's directories. Go through the tabs and sections, each action has an annotation.

Wordfence Security plugin firewall for WordPress

also a well-known security plugin for WordPress. It is very popular and has millions of downloads. Why did I decide to use it as an addition to the first plugin? Is the question very interesting? The thing I liked most about it is the real-time intelligent protection. Wordfence learns from your site how to secure it. Firewall or Firewall - WAF after installation, it takes about a week to learn how to protect your site. After that, the settings can be fixed.

Wordfence - has a built-in real-time scanner (with optimized performance settings that you can specify). Thus, the plugin works silently to itself, but warns you about changes in your site. For example, updating plugins or changing site files.

Among other things, it has a real-time traffic scanner. Where you can see unwanted hack bots or even people wanting to infiltrate your site. This log shows detailed visit statistics:

• Country, city and IP address;
• Who came the bot / person;
• What browser was used;
• Which site path (directory or file) was accessed.

But most importantly, in this list, you can immediately block an unwanted ip. And moreover, in order not to constantly worry about such a check, you can introduce a restriction. List of invalid site paths once you apply a similar add-on. A hack bot or person who wants to hack your directories will go down the black path and be blocked by the plugin.

Another advantage is, of course, two-factor authentication (2FA), which is easily configured. This function just knocked me down, I immediately set it up and connected it to the phone. Thanks to (2FA), you reduce website hacking to almost zero.

Conclusion

You do not need to install a huge number of various plugins, install a couple and provide your site with comprehensive protection. All In One WP Security provides tools to modify and secure your WordPress admin login page. As well as protecting the entire file system of your site.

Wordfence - enhances the potential of protection many times over, helping to track violations in real time. By providing additional protection to the login and password page, in the form of 2FA 2-fold authentication. And additional rules for blocking unwanted bots.

However, be extremely careful in the settings, read the recommendations provided by the developers of these security plugins.

Reading this article:

• What is a WordPress Pharma Hack and How to Clean It Up?
• What are backdoors on a website and how to clean them?

Thanks for reading: SEO HELPER | NICOLA.TOP