Do you want to know of a great way to add an extra layer of security to your WordPress website? Read on.
So, a while back I decided to change the login URL for one of my niche sites.
Reason for doing this?
Well, with that particular site I was receiving way too many login attempts.
And yes, I did have the Limit Login Attempts plugin installed, even so, my poor site was still getting an extortionate amount of ‘failed login attempts’.
Every hour or so I would get a notification email about a failed login attempt.
In addition to this, I also noticed many new “spammy” user registrations taking place on the membership site.
I had to do something about it.
Are you experiencing the same issue with your blog?
If you’re reading this and you’re experiencing exactly the same kind of issues with your blog or membership WordPress site. Especially if you have subscription option enabled like I do, the good news is that you can do something about it.
Here are some options:
- Disable user registration.
- Change URL of the login page.
So the first obvious thing you can do is to disable user registrations entirely, however, that’s not really a great solution. Especially if you depend on your users subscribing to your site to use certain features. You need to have this enabled in which case.
The other option you have is to completely change the URL login name, i.e. changing the URL permalink structure.
Bingo! That’s what I’m going to show you how to do in this post.
Plugins needed for the job
So the easiest way to change the login URL in WordPress is to use a simple plugin.
There’s a few of them dotted about in the WordPress.org repository. Unfortunately, though, most of them are no longer maintained or even updated.
I used to use Rename wp-login.php, however, this hasn’t been updated in over three years now.
There’s another plugin you can use called: WPS Hide Login.
This is the plugin that I use on this site. It is an ultra lightweight plugin with one simple setting.
Before we start using this plugin, I want to give you a few important tips for changing the URL structure of your login page.
- Change the URL to something memorable: Change your new login URL to something that you and your site members will easily remember, yet something that will not be so obvious for unwanted visitors to guess. For instance; /login-page/ is pretty obvious so try and avoid using ones like that. You could instead use something like /jump-on-board/ or /let-me-in/ or /members-only-page/. I’m sure you can think of a few better ones.
- Write it down: Make sure you write the new login page URL somewhere until you remember it off by heart. Or, simply bookmark it somewhere on your computer.
Right then, let’s begin…
1. Installing WPS Hide Login plugin
Pretty straightforward stuff if you’re already familiar with WordPress.
If you’re not, then all you have to do is from the back end of your site (WordPress Admin area), is head over to Plugins > Add New, and do a search for “WPS Hide Login”. See screenshot below.
Once you’ve found it, simply hit the install and activate button.
2. Configuring the WPS Hide Login plugin
Next is to make one simple configuration. Yep! Just one…
Head over to Settings > WPS Hide Login. Scroll down to the bottom of the page until you see the option to add a new string to the login page. See image below.
Simply add a new URL extension of your choice in the box provided, then add the extension you’d like to have the old login page to redirect to. Once you’re done hit save.
That’s it you’re done! How easy was that?
What happens to your wp-login.php extension?
If you now try accessing the wp-login.php URL of your site or blog, you should be redirected to whatever page you entered in the redirection URL.
More WordPress security tips
So, there you have it, you’ve changed the URL name of your login page and added an extra layer of security to your WordPress site.
If you want to add even more security to your login page, the WP Limit Login Attempts plugin is something to consider installing if you haven’t already done so.
You can find this plugin here: Download WP Limit Login Attempt Plugin.
If you’d like to get access to more cool WordPress security tips and hacks, check out this blog post.
Also, do let me know if this has worked for you. I’d love to know.
Is your website sending visitors away? Did you know that 94% of visitors make a 1-second decision, whether to trust or distrust a website based on design and usability? Click here to stop losing subscribers, sales, customers, and clients.
Thanks for reading, I’ll have more tutorial posts coming up soon.