Re-name Your WordPress Login Area
One of the most common ways that people attack WordPress sites is via the wp-login.php file.
Hackers try a “brute force attack” where they simply go to your login page and try to login as many times as they can. They try to login to your site using a masterlist of common usernames and passwords.
Every time they access that login page it adds stress to your server. If they’re accessing the page multiple times per second, it can significantly slow or even crash your site.
In this video, Topher shows you how to solve this problem via a plugin called “Rename wp-login.php”.
https://vimeo.com/289916437
An alternate I can think about is actually using a “captcha” for your login as well as any other forms you may have on a site. Some of the captcha modules available on WordPress can even block an offending IP for a set length of time upon repeated failures.
This is awesome tip. I implement it immediately in one of my
WP sites 🙂
Thanks you for all your great videos and contribution to
humanity.
What about plugins that utilize the WordPress login page? Will they be directed to the new URL properly by this plugin?
Good question! I have a plugin that has problems with this when I turn off some plugins for theme compatibility testing and sometimes it ends up a mess.
Great tutorial 🙂 I found an even more secure way which is to put the whole WordPress site into a subdirectory. This changes the login url as well as hiding everything else from those of ill intent – [url=http://www.sitepoint.com/5-tips-for-wordpress-power-users/]http://www.sitepoint.com/5-…[/url]
Excellent tutorial. i never even think of changing this but you have the point. 😉
There are other ways to do this with and without plugins. The plugin recommended in this article is not maintained by the developer, so it might not be the best solution.