The fact that WordPress is so highly customizable is one of the things that faithful users love about it. Speaking of customizations, did you know that you can change your website’s login URL rather than using the default address? You can. You might not understand why you should, but you can change the login URL in a couple of different ways.
So, should you change it? That depends on your security tolerance level. If you want your WordPress site to be as secure as possible against things like brute force attacks, changing the login URL is probably a smart idea. Consider this: every WordPress hacker with even a basic understanding of how the CMS works knows that the out-of-the-box login URL is the website’s domain name followed by ‘/wp-login.php’.
Even if a hacker did not know your site is a WordPress site, just entering ‘/wp-login.php’ into the address bar following your domain name will reveal it quickly enough. Then the hacker can launch a brute force attack that eventually breaks into your site. It is a lot easier than you might imagine. So yes, you should change your login URL if you are concerned about security.
As with most things WordPress, you can make the changes either manually or with the plugin. We will start with the plugin option.
WordPress Login URL Plugins
We will not spend a lot of time talking about URL plugins because there are so many of them. Most of them work by adding two parameters the general settings dashboard, making the change rather easy. You just enter your site’s current login address in the fist box, then the new address you have chosen into the second box. Save the changes and you are done.
Some of the more popular login URL plugins are:
Making the Change Manually
You can manually change your WordPress login URL without requiring any knowledge of HTML or hard coding. This is a better option if your site already uses a large number of plugins. It is also a good option if you do not trust plugins to begin with. Changing your login manually is a simple, four-step process:
- Download the ‘wp-login.php’ file from the root directory of your WordPress installation.
- Copy all the text from that file and paste it into a new text file.
- Search and replace every instance of ‘wp-login.php’ with the new name you have chosen for your login URL.
- Save the file with the new name, upload it to the root directory, and delete the original ‘wp-login.php’ file.
You should now be able to login to your WordPress site using the new login page. As a side note, keep the original ‘wp-login.php’ file you downloaded on your computer as a backup – just in case something goes wrong. If your new login page does not work, you can always upload the backup copy to put things back to their original state.