WordPress is the most popular CMS(Content Management System) among bloggers. The same fact has made WordPress more vulnerable to attacks by hackers. Especially for authentication vulnerabilities such as brute-force attacks.
We can mitigate the risks of these types of attacks on WordPress websites by simply installing and configuring a plugin.
As I mentioned before WordPress is the most popular CMS, and anyone knows the default admin login URL of a WordPress site which is equivalent to "{WORDPRESS_SITE_DOMAIN}/wp-admin". So the "wp-admin" suffix is the route that navigates the user to the admin login page.
So our simple trick is to change that route to a custom one and not allow the hackers to guess it and perform a brute-force attack.
For this, we need to install a plugin called Change WP Admin Login.
Once installed the plugin from plugins section in WordPress, it should appear as below.
You're almost done, and it's just left 1 last step to complete.
Now we just need to provide our desired custom route to replace the default "wp-admin" one. So navigate to Settings-->Permalinks and bottom of the page it will appear "Change wp-admin login" section.
So just provide the custom name under "Login URL" input field. Additionally can add a value to "Redirect URL" input field as well. As an example if you have a default "404 not found" page with the website, you can add it. Or else simply keeping it empty will redirect the user to site's home page when someone tries to access "wp-admin" route.
[I have used https://shoppersprestige.com/ WordPress site for demonstrating the custom URL]
That's it!! Now save changes, and just after that you can log out and see. You'll be on "{WORDPRESS_SITE_DOMAIN}/{CUSTOM_ADMIN_ROUTE}"
Top comments (2)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.