The Problem with Default WordPress Login URL
One of the easiest ways to hack or hijack a website is a brute force attack. Furthermore, not having a safe WordPress login URL makes it easier for hackers to get hold of your website. Sure, WordPress is secure, but these tiny loopholes are enough for hackers to hijack your website.
Brute force attacks involve trying all permutations and combinations of usernames and passwords to get into the backend of your website/blog. This becomes easier when the hacker knows that you use WordPress as a CMS.
How? By simply looking at your admin login URL.
The default WordPress login URL has “wp-admin” in it, which makes it easier for them to hack. Furthermore, WordPress creates admin as the username, which you cannot change. Sure, there are workarounds to change the WordPress username, which I highly recommend doing.
Now, all the hackers have to do is guess your password, as they already have the login URL and username, which is half the battle won already. Even if you use a strong password and a password manager, the hacker (or their bots) will keep attempting to log in, which may result in bringing down your website.
I’m sure this doesn’t sound like fun, and it may be boring, but it’s important stuff, and I assure you there aren’t many steps involved in getting one step closer to a safer WordPress experience.
Let’s dive in right away!
How to Find Your WordPress Login Link
If you are an absolute beginner, it can be difficult to find the WordPress login URL. You should’ve received an email from your web hosting provider soon after installing WordPress on your web hosting server. If you cannot find the email, simply add /login or /admin to your website URL.
If, for some reason, you are unable to access the login page, you can simply go to the below-mentioned URL, which is the standard WordPress login page.
Note: If you’ve installed WordPress in a subdirectory, you will need to include that directory in the URL. For example, if you’ve installed WordPress in the /wordpress subdirectory, you’ll need to navigate to
www.example.com/wordpress/wp-login.php (or) www.example.com/wordpress/login
Furthermore, if you have installed WordPress on a subdomain, your WordPress login link would look something like this:
subdomain.example.com/login (or) subdomain.example.com/wp-login.php
With these URLs, you can directly access the folder where the WordPress script is installed. Also, if you look at the URL after you log in, it will be something like this:
www.example.com/admin (or) www.example.com/wp-admin/
This URL checks whether you previously had any active dashboard sessions. If that session hasn’t timed out, you will be redirected to the dashboard; otherwise the login screen will be displayed.
If you didn’t change the URL at the time of installation, you will need to change it now.
Let’s see how.
How to Create a Custom WordPress Login URL for Admin Profile
The solution to this problem can be done manually (which involves a lot of code) or with a plugin. Let’s begin with plugins first, as they are easy to manage.
Method #1: WPS Hide Login Plugin
With over 400,000 active installs, WPS Hide Login has been serving a lot in terms of security. The plugin is very lightweight and doesn’t alter any of your files or rewrite any rules. It simply intercepts the page request and can work on any WordPress site. Since the WordPress login URL is a core feature, there is a risk of altering the core code, which in turn comes with the risk of changing core features in ways that may not turn out well.
Once active, go to Dashboard » Settings » General and find the WPS Hide Login section.
Note: The wp-admin directory and the wp-login.php page become inaccessible, so you must add a bookmark or remember the URL. Disabling this plugin returns your site to exactly the state it was in before.
Method #2: Better WP Security Plugin
Download and activate the plugin from the WordPress plugin directory. Since this plugin serves a lot of features other than security, I don’t recommend using it as it may leave some loopholes. Here’s a detailed setup guide for the Better WP Security plugin.
If you are looking for plugins to customize the look and feel of the WordPress login page, I recommend the Custom Login Page Customizer plugin, or you can find more plugins in the WordPress plugin directory.
Note: You can also look into changing the WordPress login URL manually, which involves a lot of code. Here’s the conversation from the WordPress forum.
As far as security is concerned, it’s always recommended to have a custom WordPress login link to make it difficult for hackers to find out about the CMS in use. Furthermore, you should install a plugin to limit login attempts.
Even if the hacker finds out the login URL of your WordPress blog, this will be a second layer of security that will save your day.