To do or not to do: change WordPress login url

Change WordPress login url

To Do Or Not To Do?

In the WordPress plug-in directory there are quite a few plug-ins available to change your log-in url from the standard ‘/wp-admin/’ (or, alternatively, ‘/wp-login/’) to something else you can choose yourself. They are all claiming it’s a security measure.

Many WordPress experts argue that this security measure is useless, saying: ‘security through obscurity’ is totally ineffective.

We at CamboDesign disagree. While changing the url for logging in to a WordPress site is only a tiny measure to step up security, and it surely should not be the only one to secure a website, we think every little bit helps. Preventing access for automated scripts looking for the standard WP login is simply another measure to combat ‘rogue’ log-in attempts. Especially when combined with a ‘three strikes and you’re out’ rule.

With our favourite plug-in called WPS Hide Login you can change your log-in url. Plus there are some more ‘under the hood’ functions preventing access to WordPress areas no ‘stranger’ should have access to, most notably the wp-admin directory.

IF (that’s a big ‘if’) attackers were able to discover the new login url: where WordPress by default reveals what was wrong (the filled in username and/or the password), this plug-in will simply state something was wrong.

Combine it with Limit Login Attempts and set attempts to e.g. 3 and you’re good to go. After three failed log-ins, the IP recorded will be blocked from even accessing your log-in. You can also set the period how long this IP should be banned.

If you are absolutely sure you (or anyone else having admin access to your website) will never make a mistake with log-in details, you can even set log-in attempts to 1. Be careful with this, though. We’ve had a few clients where the login limit was set to 3 and they were still able to lock themselves out…

Again, above mentioned measures are most certainly not the only ones you should take to secure your website. If you only do this, it’s by far not enough. But, it’s another security layer and – we say it again – every little bit in securing your website helps.

If you find this tip helpful, please click on one of the Share buttons below. Thank you.