If you are the owner of a WordPress website and worried that its access must not be hunted by any hacker?
This is why hiding your login page can help you to save your website from malicious attacks. Hiding your login page is a reliable way to secure your WordPress website.
There are many method to hide login page. So, with the below easily mentioned techniques, you can baffle the hackers.
The article will discuss the two ways to hide your WordPress login page:
- Using Plugins – the fast and easy
- Using .htaccess – the harder, but more reliable
Table Of Content
Why We Need To Hide WordPress Login Page From the Hackers, Anyway?
WordPress admin login is pretty accessible by anyone who knows your site is made with WordPress. By simply putting ‘wp-login.php’ after the URL of your website, anyone can get the login page.
Now, this is very unsafe because one of the primary ways of hacking your site is actually to get the username and password. If they can get to the login page then it is not too hard for a hacker to get your password and if it does not happens, hackers can not do so.
After reaching your login page Hackers launch brute-force attack. In a brute-force attack, hackers try to guess your username and password again and again.
They hope that by making enough attempts, they will find the key combination. By covering your login page, hackers can have no chance to hit and trial your logins.
However, brute-force is not the only way for them. The .htaccess is better to protect your entrance page if it gets their hands on your username/password from the start.
How to Hide WordPress Login Page With a Plugin
Using a plugin is a very easy approach for hiding your login page. There are many wordpress plugin which are useful to hide wordpres login page.
For the motive, WordPress has WPS Hide Login which is the best resolve and has good number of active installation.
It simply gives you a custom URL and blocks all the requests to the wp-login pages and default wp-admin page.
WPS hide login is an easy and quick way. By using the plugin you can do the task in 2 or 3 seconds. You just need to define a custom URL by doing Setting WPS Hide login and plugin will do the rest of the job.
If you are with a caching plugin, you will need to add the customized login page to the excluded caching list.
Is WPS hide login completely reliable for hiding the admin login Page?
Well, it is not enough. The plugin is workable against automatic brute-force. However, these are not the only tool for hackers to steal your username and password of WordPress.
What if a hacker is singularly focused? This is not safe in the case, With Support threads of WordPress hackers can reach your login page by its backdoor techniques.
- With Encoded URL (For Firefox)
- Through accessing /wp-admin/customize.php
This trick is also not a big issue and has a solution to get rid of it. For further security, you are required to make one step manually that restricts all the traffic to your login page.
Manually hiding WordPress admin login page with .htaccess
You can use a manual and best technique of .htaccess for achieving the goal. The two common methods to hide your login page with .htaccess are:
- With password access to the wp-admin
- With restricting access to wp-login by IP address
Both of the methods are from ‘https://codex.wordpress.org/Brute_Force_Attacks’. As they are approved from WordPress so they are completely reliable.
How to hide the WordPress login page with .htpasswd
In this way, anyone trying to reach your admin entrance will be notified with a prompt titled “Authentication required”.
Using .htaccess is not hard, You have to follow three steps:
Go to ‘https://hostingcanada.org/htpasswd-generator/’ and write your desired username and password.
Click on “Create .htpasswd file”. Your password will be encoded and the tool will show you the text to add to your .htpasswd file.
Save the text to a file named ‘.htpasswd’ and upload it to the root directory of your WordPress site. Save the text in a new notepad or similar thing. Make sure you have saved the file with the ‘All Files’ type.
Add the following code to the top of your existing .htaccess file (is located in the root directory of your SITE).
Remember to replace your Username as used in .htpasswrd file.
How to hide wp-admin login by IP address with .htaccess
Another tool of .htaccess for hiding your WordPress login is restricting through IP address. Only authorized users by you will see your login page and the rest will see ‘403 Forbidden error’.
This is a great way for security if you use WordPress on only one device.
To set the restriction, you are just required to add the following bit of code to the top of your .htaccess file. Also, you can find your .htaccess file in the root directory of your WordPress site.
Must replace “!^123\.123\.123\.123$” with the numbers of your IP address.
How to add multiple IP Addresses in the code
If you have to add more than one IP address, simply duplicate the line containing the IP address and replace the allowed IP addresses. (As in line with //)
That’s all is for the security and restriction that you can do with your WordPress website. If Still, you are not satisfied with the solution then you should give your site to a more secure host.