Re-name Your WordPress Login Area

A file with a lock over it to symbolize security

A file with a lock over it to symbolize securityOne of the most common ways that people attack WordPress sites is via the wp-login.php file.

Hackers try a “brute force attack” where they simply go to your login page and try to login as many times as they can. They try to login to your site using a masterlist of common usernames and passwords.

Every time they access that login page it adds stress to your server. If they’re accessing the page multiple times per second, it can significantly slow or even crash your site.

In this video, Topher shows you how to solve this problem via a plugin called “Rename wp-login.php”.

https://vimeo.com/289916437

Author

  • Steve Burge

    Steve is the founder of OSTraining. Originally from the UK, he now lives in Sarasota in the USA. Steve's work straddles the line between teaching and web development.

    View all posts
0 0 votes
Article Rating
Subscribe
Notify of
guest

7 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
srinivasb
10 years ago

An alternate I can think about is actually using a “captcha” for your login as well as any other forms you may have on a site. Some of the captcha modules available on WordPress can even block an offending IP for a set length of time upon repeated failures.

Aws
Aws
10 years ago

This is awesome tip. I implement it immediately in one of my

WP sites 🙂
Thanks you for all your great videos and contribution to

humanity.

Yaeger Design
Yaeger Design
10 years ago

What about plugins that utilize the WordPress login page? Will they be directed to the new URL properly by this plugin?

Rick Lohre
Rick Lohre
10 years ago
Reply to  Yaeger Design

Good question! I have a plugin that has problems with this when I turn off some plugins for theme compatibility testing and sometimes it ends up a mess.

morktron
morktron
10 years ago

Great tutorial 🙂 I found an even more secure way which is to put the whole WordPress site into a subdirectory. This changes the login url as well as hiding everything else from those of ill intent – [url=http://www.sitepoint.com/5-tips-for-wordpress-power-users/]http://www.sitepoint.com/5-…[/url]

Xinlu
Xinlu
10 years ago

Excellent tutorial. i never even think of changing this but you have the point. 😉

Dan Knauss
Dan Knauss
9 years ago

There are other ways to do this with and without plugins. The plugin recommended in this article is not maintained by the developer, so it might not be the best solution.

7
0
Would love your thoughts, please comment.x
()
x