If you’re using a plugin that provides some level of protection or monitors all login attempt activity such as Loginizer, you might be getting tons of email notifications about failed login attempts. If it’s really bad, you might be getting hundreds of these email notifications every week.
Those are rarely real humans that are attempting to log in to your website. Instead, they’re mostly bots that crawl the web and hit every website’s /wp-admin or /wp-login.php page in an attempt to guess the admin’s password.
The most effective way to combat this is to use a firewall. You can read up on what it means to have a firewall for your WordPress website and how you could go about installing one in our WordPress Firewall Guide.
But if you can’t afford a firewall, there are some measures you can take that will help you mitigate the attacks and decrease the frequency of those pesky failed login attempt notification emails. One of these measures is the act of changing your login URL.
By doing this, a bot will attempt to load your /wp-admin or /wp-login.php page but instead of seeing the option to log in, it will be presented with an error:
Thus, it will be unable to make the login attempt altogether and move on to another website.
Every WordPress website’s admin login portal can be accessed by navigating to the /wp-admin or /wp-login.php page. It’s standard for all WordPress installations unless, of course, you change it.
And there are 2 ways to change it:
- Through a plugin – This is the easiest way.
- Manually – For those who are comfortable navigating through core WordPress files but is never recommended.
Here’s how you go about changing the WordPress login URL through a plugin.
Plugins For Changing Your WordPress Login URL
Plugins that offer this functionality are very simple to implement. If you’re already using a security plugin such as All In One WP Security, then this is one of the many features that are already packaged in your plugin.
Otherwise, you can install a couple of plugins that will give this functionality to you. Here are the best options as of today:
Once you install any of the plugins above, all you have to do is specify the URL that you want to use as your login portal. For example, if your website is www.example.com, you can choose to change your login portal from www.example.com/wp-admin/ to www.example.com/secret-login/.
Changing Your WordPress Login URL Manually
If you want to change your WordPress login URL manually, you’ll have to be prepared for a lot of work. The way to do this properly depends on your site, what kind of plugins you have installed, and your theme.
It’s never recommended that you attempt to do this manually unless you’re very confident in your technical ability, as you can mess up redirects and cause some serious disruption to your site.
Warnings and Tips
- If you’re using a membership plugin or theme, then you probably have a feature that changes your login URL already. In that case, there’s no need for another plugin.
- Depending on other services or plugins you may use with your WordPress site, you may experience serious issues if you change your login URL. Make sure you test the addition of any of the plugins above in a staging environment first before installing it on your live site.
Want to read more articles like this one? See 25 Ways to Improve WordPress Security