Keeping your website safe depends more on how you maintain and manage it. One way to do this is to make sure you keep all your plugins and themes updated, but there’s a lot more you can do, including changing the default login URL of your site.

WordPress automatically creates two default login URLs during the process of installation; wp-login.php and wp-admin.php. For instance, if you have a site like www.discountdomains.co.nz/ on WordPress, it will have “/wp-admin” added at the end of its domain name. 

This even makes it easy for you to remember. You might wonder why WordPress did not make it possible for the site owner to create a custom login URL, considering that these repetitive login URLs are a potential security risk. This is because they have already made it possible for you to create your own login URL anyway.

In a previous post, we listed creating your own custom login URL for your site as one of the ways you can toughen up the security of your website, but in this post, we’ll tell you just how to do it.

Why you should change the default WordPress login URL

It’s important to first understand why it is a good idea to create your own login URL before proceeding. Here’s why this is a reasonable step to take for the security of your website:

• Safeguard your site against brute force attacks

A brute force attack involves a hacker trying to figure out the password of your site by entering variations of spinning characters, using a software intended for this purpose. If you use a custom URL, you can bypass this entirely, because the hacker wouldn’t know where to find your login page in the first place.

You could use a unique username or a tough password, but your server’s resources can be seriously depleted due to numerous brute force attacks taking up your bandwidth. This can cause your website to crash or slow down significantly. Either of these scenarios is bad for business and should be avoided as much as possible.

• Keep the fact that you are using WordPress Hidden

Like any other CMS, WordPress is not as perfect as we would like it to be and not completely free of vulnerabilities and bugs. However, the fact it’s such a popular software means that a lot of people are always talking about it. While users can access a plethora of information, it also means any security vulnerabilities will be widely publicised.

Malicious parties tend to act fast in such situations, expending every tool in their arsenal to exploit any points where your defences may be weakened. While simply changing your custom URL won’t protect your site, it can help to hide the fact you’re using WordPress.

• Switch up the look of your login screen

Not everyone might be concerned about the look of their login screen, but if you run a membership site, you may prefer not to greet your customers or visitors with the fairly boring WordPress login page. Therefore, you can create your own login URL with a custom branded look that doesn’t expose the fact that you’re using a free CMS.

How to create a custom login URL for your WordPress site

Now that you understand why it’s a good idea to create a custom login URL, let’s get right into it. There are a few plugins that can be used to achieve our aim, including WPS Hide Login, HC Custom WP-admin URL and Custom Login URL.

WPS Hide Login

WPS Hide Login is a good place to start, because it’s lightweight and won’t affect the speed of your site. When you use this plugin, the default URLs are not deleted, but users will be unable to access them. The advantage here is that your site will go back to its previous state if you decide to get rid of the plugin.

To use the plugin, you’ll first have to install it from your dashboard. Once installed, you can then activate it. Please note that access to both default login URLs will be blocked once you activate the plugin. By default, the login URL will be changed to www.yourwebsite.com/login. You can change it to whatever you prefer, but be sure to write down the new URL somewhere safe, because you will be unable to access your site any other way.

To change the default URL, go to Settings > General. Scroll all the way down to where there should be a section for WPS Hide Login. Enter your preferred login URL in the blank field and save.
It hardly takes a minute to create your own login URL and your site will be safer for it.

Custom Login URL

This is another plugin you can use to create your own login URL. You can install it from your WordPress Admin like the WPS Hide Login plugin. Custom Login URL should hardly affect your site speed, so you don’t have to worry too much about that.

Once you’ve installed the plugin and activated it, go to Settings > Permalinks. Check under the ‘Authentication Redirects’ and ‘Authentication Permalinks’ headings, where all the configurable options should be located. Find the Login URL option, change it to your preferred URL and save. Like WPS Hide Login, this plugin doesn’t delete the default URLs. The default URLs are redirected to the new URL instead.

Final note

If using a caching plugin, you might need to include the new URLs to the list of pages not to be cached. Check any notes from the plugin developer to see if this would be applicable to you.