WordPress is a secure platform, but it has its security pitfall that site administrators have to look for.
Being the most popular platform on the web, it attracts a lot of hacking attacks every year. So if you are on WordPress, you should look for all types of security settings.
One of the minor ways to tighten up WordPress login security is to change the WordPress login URL.
I will show you how to change the WordPress user login in this article.
Why Change the WordPress Login URL?
The default WordPress login URLs are:
If you are not changing the WordPress login URL, anyone can guess your website’s login URL.
But what harm anyone can do if they know your login URL.
Well, even after knowing the login URL, the person has to enter the correct username-password combination to log in.
The hacker can run a Brute Force attack to guess the username-password of the WordPress website.
In a Brute Force Attack, the hacker uses the random (total random or socially engineered) strings until the right one does the login.
If the limit login is enabled on the WordPress site, the login page will block the IP address after a few wrong attempts.
Without incorrect logins limitation, the bots will keep trying until their random queries end or find the correct username-password.
Having a strong password using all types of character increase the security of the password.
Because guessing the 8 character length password would be much more complex than the 4 character length.
Changing the Login URL
When the hacker does not know the login URL, it becomes difficult to execute the brute force attack without knowing the target.
Changing WordPress Login URL is a tiny tweak in WordPress security; however, the impact is large.
Change WordPress Login URL with Plugin
The simple method is the most obvious.
If you are already using a WordPress security plugin on your WordPress site, the plugin might have a function to change the login URL.
Check the plugin setting.
If the already installed plugin does not do it, you can install a plugin that changes the WordPress login URL explicitly.
WPS Hide Login
- Step 1: Install and activate WPS Hide Plugin.
- Step 2: Go to the WPS Hide Plugin setting from the navigational panel.
- Step 3: Enter the desired login term to use in the box
Once you hit the save changes button, the login URL will be changed. The wp-login or wp-admin page will not be accessible.
You must remember the URL or bookmark it. However, if you want the original URL site, you only have to deactivate the plugin.
Change WordPress User Login URL without Plugin
I will not suggest using this process if you are not aware of how PHP files work. Making improper changes may result in site breakdown.
Take a complete backup of your website before making any changes in PHPMyAdmin.
If you want to change the WordPress user login without a plugin, you have to change the content of the wp-login.php file. You will find the file in the file manager that you can access from cPanel or the hosting panel.
Follow the step.
Step 1: Open the File Manager from cPanel.
Login to your cPanel and open the file manager. You can find the file manager if your hosting provider provides a custom panel.
If you are not able to find the file manager in cPanel, contact the hosting provider.
Open the File Manager.
Step 2: Find the wp-login file and duplicate it.
Navigate to the public_html folder, where you will find the WordPress core files. Locate the wp-login.php file and duplicate it.
The duplicate file will have a ‘copy’ in its name. But the copy does not do anything right now.
Step 3: Change the name and content of the copied file.
Rename the copied file to the login URL you want to use.
For example, the file name is: wp-login-copy.php
Rename it to changed-login.php (Not the login URL is: example.com/changed-login)
After changing the name, open the file. Replace all the ‘wp-login.php’ with the ‘changed-login.php’. You can use the find and replace sets.
After it is done, save the changes in the file.
Step 4: Delete the original file
Find the original wp-login file, and download it.
After downloading it, delete the file. Now, WordPress will look for the wp-login file and find the one with the new login URL, performing the same action.
If you access the new login URL, you’ll see the WordPress login screen that you’re used to seeing. The only difference is the URL you use to access it.