Home Wordpress How to Change and Secure Your WordPress Login URL

How to Change and Secure Your WordPress Login URL

by Mr. Geek Tips
0 comment

In WordPress, the default login URL is (www.yourwebsiteurl.com/wp-admin). But why you should be worried about the URL to the login page? What are the benefits of adding a Captcha to your WordPress login link?

Keeping the login URL as it is, on the other hand, could pose a security risk to your site. By changing the default URL and adding an automated verification feature  (reCAPTCHA), i will show you how to secure this page, which is the gateway to all of your site settings, so that no one can easily predict your login page.

Why You Should Change the Login Page URL?

One of the most significant steps you can do to better secure and protect your WordPress site is to prevent access to the login URL to just administrators. A hacking attempt or unauthorized access may slow down your site’s performance or security, putting the data of your users in danger. By restricting access to your login page URL, you may prevent this from happening.

A common attack on WordPress websites is brute force, which consists of a series of attempts to predict login passwords through that login page in order to hack the site, steal its data, or even block the site and user’s data, and so your change to this default link prevents all those attacks.

Here are some methods most hackers use to get access to the website using the default login URL:

  1. www.yoursiteurl.com is the primary URL to the website.
  2. Verify if the website was built on WordPress or another platform by using one of the tools or by checking some common WordPress files, such as /wp-content and /wp-includes and some others, inside the WordPress installation.
  3. If the default URL has not been changed, the login page will be /wp-admin if the site is built on the WordPress platform.
  4. Hackers can easily guess the username and password if your login data is set to “admin”, and if you know how to create a WordPress site, then you won’t use “admin” as your password either.
  5. It’s possible that they’ll harm a large number of site files and user data once they’ve figured out the username and password.

Now that we’ve covered some of the most significant risks that your website may be exposed to via your public login URL and the importance of changing that URL in order to secure your website, we can move on to explaining why you should do both of these things.

Change the wp-admin login link to your WordPress dashboard.

In order to change the URL to the WordPress dashboard login page, you can use an easy-to-use plugin called WPS Hide Login, which allows you to do it from within the dashboard.

First, go to plugins then click “Add New,” in the search box search for the plugin name “WPS Hide Login,” then install and activate the plugin.

install new plugin

Once you’ve installed and activated the plugin, you can access the plugin’s settings menu by clicking on the “WPS Hide Login” option in the “Settings” section of the WordPress dashboard.

WPS Hide Login settings

You’ll see an option “Login URL” that you may change to be the login URL for your website, as seen in the image. If you start typing “MYLOGIN” for example, your login URL will be www.yoursiteurl.com/mylogin, from which you can log in.

Yoursiteurl.com/wp-admin will no longer work once you make this change and confirm it. Instead, you’ll get a 404 error page and be able to log in through the URL you entered in this step.

Activate reCAPTCHA

In the previous tutorial, we learned how to change the WordPress login URL. In this tutorial, we’ll see how to add the well-known verification system known as “CAPTCHA” to the login page in order to raise the security level.

Installing and activating the Captcha 4WP plugin is the first step. This plugin helps WordPress site owners in utilizing the system for verifying logins through the well-known “reCaptcha” verification system, a system that verifies that the login process is in fact an accurate one performed by a human and not by bots intended for the purpose of hacking the site.

Then, once the plugin is installed and activated, you may access its settings from the WordPress dashboard. This is where you’ll find the “Captcha 4WP” options, as seen in the image:

captcha plugin

Using the Settings page, you’ll see that there are 2 main options:

  • Codes needed for activating the captcha site key and the Secret Key will be explained in detail below.
  • You can select the pages on which the Captcha verification system should be activated in the second option “Settings & Placements”. Login and register new accounts are two examples of how you can activate the system.

Google Captcha provides an easy and free way to obtain activation codes required by the plugin, which we will use to get the activation codes required by this plugin.

Simply click on this link to access the Google captcha website settings page in order to get the code.

You must complete the following fields, in order to get the Captcha code for your website:

google captcha

After completing all the required information, you agree to the service’s terms of service, and a page including the keys to enable the captcha on your site will appear:

google captcha codes

Just copy these codes and paste them into the appropriate place on the plugin page, as shown in the following image:

Screenshot 1 1

You can now try to use the login page or any of the other pages where you’ve activated the Captcha verification system after successfully pasting the activation code.

Now you have learned how to protect your website and user information from random hacking attacks by changing the default URL /wp-admin and adding a human verification system.

You may also like

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

@Mr. Geek Tips 2022. All Right Reserved. Designed and Developed by Coders Xpress.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More