The digital world requires high-level security. If you are a businessman, a blogger, or a representative of the creative community, most likely you have a website to promote your products, services, or to maintain public relations. WordPress websites are the most popular nowadays because they are used by millions of users for different purposes.
One of the most essential aspects of WP website security is a custom login URL. This protective measure will prevent hacker attacks. The malefactor will not steal your personal data and will not get access to your corporate or private site if you are going to change WordPress login page URL. One of the most dangerous attacks in the cyber world is the brute-force one when hackers try to guess your login and password details. Custom login page aims to reduce the risk of WP site hacking.
The Main Reasons to Use Custom Login URL in WordPress
There is a default login in WordPress most of us know well – it is /wp-login.php. Namely this information is used by hackers when they try to harm your website. We recommend to change WordPress login URL and make it custom because:
- Hackers will not be able to guess where your login form is. It means that getting access to your website becomes much more difficult. Custom login URL prevents easily-done hacking of the default parameters like /wp-login.php.
- The most reliable method to prevent hacker attacks like brute-force attack or a zombie bot army network attack where the main purpose is to guess your website login and password. Hackers do this to steal your site memory or some information.
- Protect your server from spammy HTTP requests and other activities that will harm your WordPress website load speed. Another negative impact is also possible. But if you change WordPress login URL, you are able to avert any cyber danger at once.
If you make sense of the WP custom login page, you need to choose one of the most comfortable and simple methods to change your default login data. It is possible to do it with the help of a special-purpose plugin or manually without additional software. Or try a protection technique with cookies and .htaccess. Let’s take a closer look at the best methods on how to change WordPress login page.
Method 1: Manual Changing with no Plugin
It is worth noting that this method is one of the simplest and safest because each step is undertaken personally by the WordPress website owner or an administrator. No system errors and some unpredictable situations will take place. Each step is well-regulated in comparison with other procedures where the plugin activation is required or usage of other supplementary software.
First, you need to get prepared for poor results. If you try this method the first time, be sure that you have a copy version of your default login page. It is called a backup of your /wp-login.php. URL. Store this file in a secure place and use it in case the wrong step takes place. When you managed to complete your first stage of the manual login page changing, follow our algorithm that will be helpful both for beginners and experienced users:
- Download a text editor that is convenient for you. It can be a Notepad or its other versions like Notepad++. The app market is rich in various text editors, so select the one you will work with and change WordPress admin login URL without plugins.
- To change the WordPress login page, you need to get access to the files of your website. For this purpose, we have just recommended installing a good text editor.
- It is high time to think of the login UR (unit record). Create a unit record named as you wish. For instance, it can be /mynewlogin.php.
- When a new file is created, go to your directory that is usually called public_html. Here your default login file will be easily found. You may open /wp-login.php in any available way. For example, while using your File Manager or other software.
- Now, your task is to replace the default login name /wp-login.php with a new file name /mynewlogin.php. Select the command Replace All not to miss any default name. That’s all, you managed to change WordPress login URL manually.
Sometimes users face some difficulties because any wrong step was undertaken. Remember that you have a backup file to bring all settings back. Restore the previous file using your root directory and start the process of the manual changing one more time. The above-mentioned algorithm will help you to initiate a WordPress change login page URL without plugins.
Method 2: Cookies and .htaccess to Make Your Default Login File Well-Protected
This technique is suitable to hide your default login URL. Prevent hackers’ attacks with the help of one more method. It is worth noting that your admin login URL will not become custom but well-protected with the help of several steps to undertake. The idea is that third parties will see a Forbidden page while trying to get access to your /wp-login.php. At the same time, you as the owner or an administrator of the WP website have an opportunity to log in without any problems.
There are only two steps to follow. But be attentive because you have to do with WordPress coding. Take a closer look at the algorithm and try to repeat all the described steps to protect your /wp-login.php file:
- Open your .htaccess file and put inside it this coding data:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_COOKIE} !^.*wp\-guesswho=2917998723.*$ [NC]
RewriteRule wp-login.php - [F]
</IfModule>
If you still have some doubts about the safety of this method, do not worry. This technique is secure. The conception of this code is really simple because we set special cookies for third parties to prevent their access.
- The second step will be related to the creation of the new login page for cookies. For this purpose, let’s create a special-purpose file named /wp-guesswho.php and change our code to bring it into operation. Use your text editor to create a new page, add the following code:
<?php
setcookie("wp-guesswho", 2917998723);
header("Location: wp-login.php");
Do not forget to add this file to your root directory to put the code into service. From this moment, third parties will go first to the page yourdomain/wp-gueswho.php. This method is not the last speaking about the custom login URL. Some users prefer to download supplementary software and plugins to protect their websites.
Method 3: Custom WordPress Login Page with the Help of Plugins
It is useless to recommend you only one plugin or some specific type of software product. You may find ones on the present-day market of WordPress security plugins and programs yourself. Most of the plugins aim to hide your login page from random access. Nevertheless, this is not a guarantee that your website will not be hacked.
We recommend creating a backup file in any situation. Even if you think that your new plugin is safe and lightweight, there is a risk that something would go wrong. Any method to make your admin login page custom is risky, so be prepared for any circumstances. If you do not like the final result, deactivate the plugin to return your login URL to normal condition.
Xtemos Space is your reliable assistant when it comes to your WordPress website customization and modernization. Check the catalog of our top-notch templates and business themes to increase conversion rates and attract more and more visitors!