Here's a quick tutorial to help you add an extra layer of security to your WordPress blog.
A while back I discovered a cool plugin that enabled me to change the login URL for one of my niche website's.
Why would I want to do this?
Well, sadly that niche site I was being bombarded with too many failed login attempts.
And yes, I did have the Limit Login Attempts plugin installed. But even so, there were still too many failed login attempts. That made me feel quite uncomfortable. What if one of those attempts were successful? What then?
Every few hours I would get an email notification about a failed login attempt.
On top of this, I also noticed an increase in "spammy" user registrations for the site. I had to do something about this quickly.
If you're reading this and you're experiencing exactly the same kind of issues with your blog or membership WordPress site. Especially if you have the subscription option enabled like I do, the good news is that you can do something about it.
Here are some options:
So, the first obvious thing you can do is disable user registrations entirely. However, that's not really a great solution. Especially if you depend on your users subscribing to your site to use certain features. You need to have this enabled in which case, right?
The other option you have is to completely change the URL login name, i.e. changing the URL permalink structure.
Bingo! That's exactly what we're going to do and I'll show you how.
So, the easiest way to change the login URL in WordPress is to use a simple plugin.
There's a few of them dotted about in the WordPress repository. Unfortunately, though, most of them are no longer maintained.
Originally I was using the Rename wp-login.php plugin. However, this hasn't been updated in over three years now.
There's another plugin you can use called: WPS Hide Login.
This is the plugin that I use on this site currently. It is an ultra lightweight plugin with one simple setting.
Before we start using this plugin, I want to give you a few important tips for changing the URL structure of your login page.
Right then, let's begin...
Pretty straightforward stuff if you're already familiar with WordPress.
If you're not familiar with WordPress, then all you have to do is -
From the back end of your site (WordPress Admin area), head over to Plugins > Add New, and do a search for "WPS Hide Login". See the screenshot below.
Once you've found it, simply hit the install and activate button.
Next is to make one simple configuration. Yep! Just one...
Head over to Settings > WPS Hide Login. Scroll down to the bottom of the page until you see the option to add a new string to the login page. See image below.
Simply add a new URL extension of your choice in the box provided, then add the extension you'd like to have the old login page to redirect to. Once you're done hit save.
That's it you're all done! How easy was that?
If you now try accessing the old login page wp-login.php URL of your site or blog, you should be redirected to whatever page you entered in the redirection URL. I have mine redirected back to my blog page.
There you have it, you've changed the URL name of your login page and added an extra layer of security to your WordPress site.
If you want to add even more security to your login page, the WP Limit Login Attempts plugin is something to consider installing if you haven't already done so.
You can find this plugin here: Download WP Limit Login Attempt Plugin.
If you'd like to learn more cool WordPress security tips and hacks, check out this detailed blog post.
Also, do let me know if this has worked for you. I'd love to know. You can get in touch with me via the contact page here.
Ad - Is your website sending visitors away? Did you know that 94% of visitors make a 1-second decision, whether to trust or distrust a website based on design and usability? Click here to stop losing subscribers, sales, customers, and clients.