We almost lost a client’s website to hackers just because we forgot to change their WordPress log in page URL. Sometimes it’s really an over-sight to tighten up website security measures.
In the same vein, it could be that you are naive about the exact thing to do. And that is why I decided to share this method on how to beef up your website security.
You may not find this an issue if your site or the sites of the people you know have not been affected by brute force attacks or direct log in attempts. But I tell you, it does happen. I’ve seen, experienced and heard people lost their hard labor and investment on site they couldn’t recover from hackers.
The more porous your site, the more vulnerable it becomes.
Why do people hack website? You might want to ask.
Well, there are one thousand and one reasons why people might want to hack your site. The main reason is really best known to the person that wants to engage in the act.
Generally speaking, people hack site because they wanted to get content they find important. This content could be information, money, code, etc. Some can hack just because they want to pull down your site probably it has been labeled as threat on their list of competitors.
Whatever the reasons could be, it’s better to protect your site before they get at you. One of the best ways to protect your WordPress powered site is by changing the default log in page URL. This URL is known to everybody and therefore easily accessible. Changing it would secure your site from brute force attack.
How to change WordPress log in page url
There are so many ways by which this can be done on WordPress self hosted sites. The method I’ll be sharing with you today is the plugin method of doing it.
There are also many plugins that could be used for this purpose on WordPress plugin directory. The only disadvantage is that they tend to also change your site’s permalink structures which might cause so many url redirects and could result in conflict.
However, there is a plugin called “Rename WP-login.php” that only changes just the log in page url and it does not do another thing other than that.
Though, the plugin is actually dated and it’s no longer maintained, but even at that it still works like charm up to this current version of WordPress (4.2.2).
All you need to do is install and activate it within your WP admin panel by going to ‘Plugin’ >> ‘Add New’ and then type ‘Rename wp-login.php’ into the search box provided. Click enter on your computer keyboard.
Install and activate the plugin. Upon activation, you’ll be redirected automatically to where you will change your log in page url. If not, go to ‘Setting’ and click on ‘Permalinks’. Scroll down, you’ll see ‘Rename wp-login.php.
Type what you want your new log in page url should look like into the box provided. It’s important you make it strong as if you’re generating a password because indeed, that’s what it is. Click the save button below and you’ll be done on this part.
Other important setting
If you have a caching plugin like W3 total cache or WP super cache installed on your website, then it would be imperative to add your new log in page url to the list of url to be excluded from cache otherwise the whole effort would be defeated.
How to add log in page URL to list of excluded urls from cache
For W3 total cache: Go to ‘Performance’ on WP dashboard and click on ‘Page cache’. Scroll down to ‘Never cache the following pages’ and add the new log in page url to the list. Please, add only the suffix and not the full url. Click save.
For WP Super cache: Go to ‘Advance’ and scroll down to ‘Save strings’. Add the log in page url suffix into the box and click ‘Save strings’.
These are all you need to do to effectively change your log in page on WordPress.
Conclusion: Now that you have beefed up the security of your site, it’s time to ensure you keep this url safe and secure. It’s not a good idea to store it on your computer or laptop because people might have access to it.
Beside, your system may contact virus that would require total format of the device without access to backup. You may write it on a piece of paper and keep it somewhere safe. Ensure you don’t lose it otherwise it could be hard to access your site from WordPress backend except you go through cpanel.
However, it is expedient to keep your site secure so that people would not take undue advantage of its porosity thereby robbing you of your hard work and investment. What do you think?
Latest posts by Francis 'Toke (see all)
- How to Add Post Thumbnail Image to RSS Feed on WordPress - February 16, 2016
- 10 Tips for Getting the Most out of Google Image Search - January 19, 2016
- How to Add Next and Previous Post Links with Thumbnail - January 11, 2016