By default, the WordPress login URL is wp-login.php. For example, if your WordPress website URL is wpboys.com, then the login page is at wpboys.com/wp-login.php. WordPress is one of the most widely used CMSs in the world, and hackers are always trying to attack as many sites as they can by performing many types of attacks on the login URL. Therefore, you should always try to secure your website's login URL. If you have open registration enabled on your website, make sure you have enabled captcha and other security enhancements. These enhancements will significantly help to protect the registration page from malicious attacks.
How to secure the existing login URL (wp-login.php)
You can use many plugins to secure your website's login URL by adding captcha, a login limit, two-factor authentication and more.
Here is a list of ways I like to make the login page more secure.
- How to add captcha to the WordPress login URL
You can use the WP Limit Login Attempts plugin on your website to enable Google reCAPTCHA on the login page.
- How to add a login limit to the WordPress login URL
You can also use the same WP Limit Login Attempts plugin to limit the number of times a user can submit wrong credentials on the WordPress website.
- How to add two-factor authentication to the WordPress login URL
You can use the Two Factor Authentication plugin on your WordPress website and configure it to enable two-factor authentication using Google Authenticator, Authy and many more.
How to change the WordPress login URL using a plugin
I have worked with many businesses and managed their WordPress websites for over ten years now. We have noted a very big reduction in the number of attacks on websites just by changing the default WordPress login URL to a custom one.
You can change your website's login URL by installing the WPS Hide Login plugin on your website. Here is a step-by-step guide on how to set up this plugin to change your login URL to a custom one.
- Install the WPS Hide Login plugin
- Go to Settings >> WPS Hide Login and define your new custom login URL and the error redirection URL used when someone tries to log in at the default WordPress login URL, wp-login.php
- That's it. Now you can access your website via the new custom login URL.
If you run a small business or a blog website, you don’t have to share your website's login URL with many people, and this should keep the login URL difficult for attackers to guess. But if your website is large and managed by a bigger team, the login URL may become very well known. Therefore, I always recommend that you also apply all the other login page security measures mentioned above for complete peace of mind.
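To see how many failed logins a login limit would act on, or to compare attack volume before and after changing the login URL, the following Python script counts failed POSTs to wp-login.php per IP address in a web server access log. It is an added example, not part of the original article or of any plugin named above; it assumes the combined log format, and the function names, the `max_attempts` and `window` parameters and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip - user [time] "METHOD path proto" status ...
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def failed_logins(lines, login_path="/wp-login.php"):
    """Yield (ip, time) for each POST to login_path that was answered with 200.

    Heuristic: stock WordPress re-renders the form (200) on bad credentials
    and redirects (302) on success; plugins or themes can change this.
    """
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0] == login_path:
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def over_limit(lines, max_attempts=3, window=timedelta(minutes=5)):
    """Map each IP with more than max_attempts failures per window to its peak count."""
    # Lines must be in time order, as a web server writes them.
    recent, peaks = defaultdict(deque), {}
    for ip, ts in failed_logins(lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:      # drop attempts older than the window
            q.popleft()
        if len(q) > max_attempts:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def _line(ip, clock, method, status, path="/wp-login.php"):
    return f'{ip} - - [12/Mar/2024:{clock} +0000] "{method} {path} HTTP/1.1" {status} 4512'

# Constructed sample log (documentation-range IPs), not real traffic.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:{s:02d}", "POST", 200) for s in range(0, 50, 10)]
    + [_line("198.51.100.20", "10:01:00", "GET", 200),
       _line("198.51.100.20", "10:01:20", "POST", 200),   # one mistyped password
       _line("198.51.100.20", "10:01:40", "POST", 302)]   # then a successful login
    + [_line("203.0.113.9", f"10:{m:02d}:00", "POST", 200) for m in range(10, 50, 10)]
)

if __name__ == "__main__":
    for ip, peak in over_limit(SAMPLE_LOG).items():
        print(f"{ip}: {peak} failed logins within 5 minutes")
```

On the sample log only 203.0.113.7 is reported: the user who mistyped a password once and the client making one attempt every ten minutes both stay under the limit.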