One of the most popular ways to breach WordPress sites is a Brute Force Attack. In this type of attack, hackers try many combinations of usernames and passwords in order to enter the WordPress admin interface.
Especially when everyone knows that the access address to the WordPress admin interface is wp-admin, any hacker can easily start with the same attempt for a Brute Force Attack.
There are quite a few plugins that allow strengthening WordPress security and there are also quite a few security actions you can take to prevent such incidents. One of the steps that can be taken is to change the access address to the WordPress admin interface. In this way, hackers won’t be able to find the link to the admin interface, significantly reducing the chance of such a breach.
In this short guide, we will see how to change the access address to the WordPress admin interface using a plugin. As you know, I usually avoid using plugins, but in this case, all my attempts to find a solution to change the Login URL by myself failed.
Moreover, and whether you noticed or not – in most cases where I present alternatives to plugins through code, those solutions are Front-End level and less at the level of the WordPress admin interface (although there are also such posts on the blog). So there are situations where plugins do an excellent job, and changing the access address to the WordPress admin interface is exactly the case…
Changing the WordPress Access Address Using WPS Hide Login
With over 200,000+ active installations and a rating close to five stars, the WPS Hide Login plugin is the simplest, lightweight, and most convenient one for changing the access address to the admin interface (and I’ve tested several plugins).
You can install it by searching for “WPS Hide Login” from the plugins area in WordPress or simply download it from the WordPress repository. After installing this plugin, go to the plugin settings that appear in the WordPress admin interface > Settings > General at the bottom of the page.
You can write whatever you want under Login URL in the plugin settings, for example, connect, logmein, admin, and anything that comes to your mind, but remember that the whole purpose is to ensure that the access address to your WordPress site is hard to crack.
The plugin requires WordPress version 4.1 and above and of course, it does not change anything in the WordPress core files. The plugin also does not add any “rule” to the
htaccess file and everything related to site login, such as registration, password recovery, etc., will continue to work as usual.
It simply “redirects” requests to the mentioned page and works great on every WordPress site without any special effort. Disabling the plugin returns your site exactly to the state it was in before activating the plugin.
Note – the plugin works on Multisite sites, but it’s important to note that it has not been tested on sites that are on a subdomain (that’s why I don’t use it on Savvy Blog).
Does the plugin cause problems with caching (cache memory) plugins?
Before we talk about cache, let’s say that the WPS Hide Login plugin supports any other plugin that hooks to the same login form for the WordPress admin interface. BuddyPress, bbPress, Limit Login Attempts are a few examples of plugins supported by it.
If you are using a cache plugin that is not WP-Rocket, you need to add the identifier (slug) of the new access address to the list of addresses not included in the cache. WP-Rocket fully supports this plugin without any action needed.
If you are using plugins like WP Total Cache or WP Super Cache, the WPS Hide Login plugin will display a message with a link to the field you need to update.
From a security perspective, it would be correct to change the wp-admin address to make it difficult for hackers to breach your site. If you are at the stage where you are concerned about securing your WordPress site, take a look at the guide in the category of WordPress Site Security and find there quite a few posts on security.