You might be asking yourself, “Who cares?” But there are very good reasons why you should care:
It doesn’t take long for us to figure out that you’re using WordPress using traditional tools. It takes even less time for a hacker to determine whether a website is powered by WordPress or not.
Everything that is needed for this can be found in the on-board resources of our browsers. With it you can analyze the source code of a website and find things like /wp-content/themes/style.css or /wp-content/plugins/ and so on. Once we know that your site is built on WordPress, we also know that the default URL to your login is /wp-login.php.
We also know that WordPress creates a user named “admin” by default. So we already have two essential pieces of information: the login URL and the username. Now only the password is missing.
From now on we will try to guess your password. But while we eventually give up annoyed, you can’t hope for that with a hacker. Even if you use a different username and come up with a strong password (and maybe even use a password manager to keep your keystrokes unrecorded), the hackers don’t know it. Your bot will forever try to log into your account using generated passwords. Valuable server resources are wasted in the process and your site can no longer be reached at all.
We admit that this is not the most exciting topic, but it is extremely important. Hopefully we’ve scared you enough to read through the rest of this guide. We promise that the process is quick, super easy and doesn’t cause any headaches. If you know how to install a plugin, you already know everything there is to know about it.
Should I change the URL to my WordPress login without a plugin?
Under no circumstance. Use a plugin.
It might sound a bit harsh, but trying to change the URL to your WordPress login without using a plugin is a bad idea. Is it technically feasible? Yes, it is. So should you try it too? No, you shouldn’t. There is a good reason why WordPress doesn’t allow us to change the URL completely by default.
Whenever possible, we advise against using plugins. You save a bit of storage space and bandwidth on the server, reduce the running processes and thus the number of possible sources of error. You can also learn a lot about how a content management system works if you avoid using plugins as much as possible. In this case, however, we definitely recommend a plugin.
How to change the WordPress login URL with a plugin?
The best and safest way to change the WordPress login URL is to use a plugin. There are quite a few on the market now, but none does the job as well as the ultra-slim WPS Hide Login. It only has one job, but it does it to your complete satisfaction.
After installation and activation you will find a new option in the general settings. There you can enter a path under which your login fields can be found in the future. Either go to Settings > General (and scroll all the way down) or Settings > WPS Hide Login, the goal is the same in both cases.
All you have to do is type a new URL into the input field and save it.
The plugin also prevents users who are not logged in from being able to access the wp-login and wp-admin file. In other words, you must be logged in to access it, otherwise you will be redirected to the 404 error page.
Two things to note
First: By activating the plugin, you lose access to your usual login interface. By default, WPS Hide Login redirects you to /login for input. This happens at the moment of activation and even before you can make your entries in the settings. This must not be forgotten. If you then changed the URL, you should remember it well or take a screenshot of what you entered in WPS Hide Login. Otherwise you will have trouble logging in.
The goal is to make things harder for hackers, not lock you out of your own site.
Second, as soon as you disable the plugin, your site will immediately go back to using wp-admin and wp-login to login. Therefore, if you decide not to continue using the plugin, don’t worry about messing up the database or banning someone from logging in.
While the idea of changing one of the fundamental elements of a WordPress installation may send some chills down your spine, hopefully you’ll find that it only takes a few clicks to get rid of this worry. As we mentioned above, technically it’s perfectly possible to change the WordPress login URL without a plugin, but it’s really not a good idea. There are too many factors within the root files to consider and if you want to tackle those root files, using a plugin is always a safer bet.
If you care about the security and stability of your site, you should definitely change this URL.