WordPress is great, we love it, but one problem that we have when it comes to website security is everyone knows the login page to your website. By default you can login to any WordPress website simply by adding /wp-login.php to the end of the domain name. This means anyone wanting to try and hack your website, either manually or by brute force attack, has got over the first obstacle without even trying!
Fortunately, as with most aspects of the WordPress setup, we can change the default login url to make your website more secure, remove this free information to hackers and make their job much more difficult.
How to change the default WordPress login URL
In order to achieve this we are going to use a very light weight plugin called WPS Hide Login. The first thing you will want to do is login to your website, install the plugin and activate it.
Once activated click on the “WPS Hide Login” under the settings tab of your WordPress admin area.
You will be greeted with a section like this:
Once here all you need to do is enter the new login url you want to use and save the changes. Next time you login you just need to go to the url you have set, and anyone going to the default WordPress login url will be greeted with a 404 page.
What If I Forget My Login URL?
The first bit of advice is try not to forget it! However, if you do then you need to deactivate the plugin. You can do this via accessing your website files through FTP. Navigate to the plugin directory and remove or rename the WPS Hide Login plugin.
You will now be able to login through the default WordPress login url. Once logged in add the plugin again and activate it. You will now be able to go to the settings tab as before and view your login url.