Hide WordPress Login Page to Protect From Brute Force Attacks

Sefer Demirci
Feb 26, 2022

Although WordPress is the most used CMS (Content Management System) in the world, it still has some weak points. These weak points are a constant target for malicious people and software.

One of them is the WordPress login page, which may constantly be under brute-force attack from malicious software. This kind of automated software repeatedly tries a username (which can be found easily, check this page) and password combinations to crack the credentials.

There are many different ways to protect the WordPress login page, but one of the most important is to ensure that attackers cannot reach the login page as easily as they expect. Changing the WordPress defaults may be the first step toward that.

As you know, the default WordPress login URL is website.com/wp-admin/ or website.com/wp-login.php, and these are always the attackers' favorite targets. Let’s dig in and change it the easy way.

First of all, you need FTP access or admin page access to your WordPress website. After that, find the functions.php file, which is located in your theme folder.

WordPress Root → wp-content → themes → Your Theme → functions.php

Then add this block of code to the bottom of the file.

After adding this block of code, follow these steps and update your permalink settings, because we added a new rewrite rule that may affect your website paths.

WordPress Admin Page → Settings → Permalinks → Save Changes

Now we are ready to access our login page through our new path, which is website.com/custom-login/
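The code block for the functions.php step is not present on this page. The following is an added example, not the author's code, of one way to implement the rewrite rule the steps describe; it goes further by also returning 404 for the default paths, since a rewrite rule alone leaves wp-login.php reachable. Assumptions: Apache with mod_rewrite and a writable .htaccess, WordPress installed in the site root, and the `CL_SLUG` constant and `cl_swap_login_url` helper are hypothetical names.

```php
<?php
// Added example for the theme's functions.php; not the original post's code.
// Assumptions: Apache + mod_rewrite, writable .htaccess, WordPress in the site root.
const CL_SLUG = 'custom-login'; // hypothetical constant; pick a hard-to-guess value

// 1. Map /custom-login/ to wp-login.php. A target that is not index.php is
//    written to .htaccess when the permalink settings are saved.
add_action( 'init', function () {
    add_rewrite_rule( CL_SLUG . '/?$', 'wp-login.php', 'top' );
} );

// 2. Point every generated or redirected login URL at the new path, so the
//    login form, logout and lost-password links keep working.
function cl_swap_login_url( $url ) {
    if ( false === strpos( (string) $url, 'wp-login.php' ) ) {
        return $url;
    }
    $query = wp_parse_url( $url, PHP_URL_QUERY );
    $new   = home_url( '/' . CL_SLUG . '/' );
    return $query ? $new . '?' . $query : $new;
}
add_filter( 'site_url', 'cl_swap_login_url' );
add_filter( 'network_site_url', 'cl_swap_login_url' );
add_filter( 'wp_redirect', 'cl_swap_login_url' );

// 3. Answer direct requests for wp-login.php with a 404. When the rewrite
//    rule is used, REQUEST_URI still holds /custom-login/, so it passes.
add_action( 'login_init', function () {
    $path = (string) wp_parse_url( $_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH );
    if ( false !== stripos( rawurldecode( $path ), 'wp-login.php' ) ) {
        status_header( 404 );
        nocache_headers();
        exit;
    }
} );

// 4. Stop /wp-admin/ from redirecting anonymous visitors to the new path.
//    admin-ajax.php and admin-post.php stay open because front ends use them.
add_action( 'init', function () {
    global $pagenow;
    $public = wp_doing_ajax() || 'admin-post.php' === $pagenow;
    if ( is_admin() && ! is_user_logged_in() && ! $public ) {
        status_header( 404 );
        nocache_headers();
        exit;
    }
} );
```

Keep FTP access at hand while testing: if the rule was not written to .htaccess, /custom-login/ returns 404 and the default path is already blocked, so removing the snippet is the way back in.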

Conclusion

We defined it as ‘custom-login’ in the example, but you may change it as you wish. However, be aware that we want this to be unknown or hard to guess.
