Anybody who has used WordPress knows that the admin page can be found at /wp-admin and the login page is at /wp-login. If a nefarious third party wants to hack your WordPress site and gain access to the back-end, these are their primary attack vectors. To prevent this, it is advisable to hide these pages. Fortunately, with the help of a free plugin, it’s quite easy.
WPS Hide Login
Search the plugin repository for WPS Hide Login. With over 400,000 active installs and a 5 star rating, this is head and shoulders above any similar solutions. Go ahead and download and activate it. Once that’s done, you will find its settings under the settings tab in the left hand admin sidebar.
As you can see there are only two options. One allows you to change the login URL – which applies to /wp-admin too. The other is a redirection URL which is pushed to anyone trying to access wp-login or wp-admin. You can leave this on the regular 404 page if you wish.
It is advisable to change the login URL to something that isn’t too obvious to guess. Whatever you do though, DO NOT FORGET what it is, or you will not be able to access the back-end any more.
For the purposes of this tutorial, I have called mine testloginpage. Once you click on Save Changes you are all set. Log out of WordPress and try to load up either the /wp-admin or /wp-login pages. You will be redirected to your 404 page not found page.
So in my case, I enter muxxy.local/testloginpage into the address page and I’m greeted with the regular WordPress login page.
That’s it! Your WordPress site is now that little bit more protected than most.
* * *
Are you looking for cheap WordPress hosting? Want to learn more about WordPress?
Join me in the Steemblogs.club Discord channel HERE.