There are a lot of different facets to making a website as secure as possible. One of the things that many people will tell you is important is ‘security through obscurity’. What we mean by this is that if an attacker doesn’t know what software a site is running on, or where the login page is, then that is one extra thing they need to work out before they can begin to attack it.
When it comes to WordPress, one thing that you can do to follow this philosophy is to move https://yoursite/wp-login/ and https://yoursite/wp-admin/, the default pages for administering the site, to different addresses.
This isn’t something that we do by default with sites that we host; instead we rate limit login attempts and offer 2FA. If you do want to change your /wp-admin address, though, it is very easy to do.
There are two different ways to achieve the same thing. You can do it by editing functions.php, wp-config.php and .htaccess, or you can make life simple for yourself and use a plugin.
Actually… just use a plugin
We try not to recommend using plugins for too many things, but this is one time that we are going to. In this case there are several options that are light and regularly updated and just do one thing and do it well (which is exactly how plugins should be).
The plugin that we recommend is Change wp-admin login. It’s simple, regularly maintained and works.
- In your WordPress admin page, go to Plugins – Add New
- Search for “change wp-admin login”. The plugin you are looking for is by Nuno Morais Sarmento and will be in the top few results.
- Install and activate the plugin.
- Go to Settings – Permalinks in the left side menu, scroll down to the bottom and enter the word that you would like to replace /wp-admin with. You can leave the second field empty. Then Save.
That’s all there is to do; you are all set. You will probably be logged out and need to log in again at the new address.
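Once the new address is saved, it is worth confirming that the default paths no longer serve the login form or redirect to the new address. The script below is an added example, not code from the plugin or from our hosting setup; the host example.test, the slug staff-door and the sample responses are constructed, and /wp-login.php is WordPress's stock login script.

```python
import re
import urllib.error
import urllib.request

# Markers of the stock WordPress login form (form id, username field name).
LOGIN_FORM = re.compile(r'id=["\']loginform["\']|name=["\']log["\']')
# The two paths named in the article plus WordPress's stock login script.
DEFAULT_PATHS = ["/wp-login.php", "/wp-login/", "/wp-admin/"]

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; the 3xx then surfaces as HTTPError

def fetch(url):
    """Return (status, Location header, body) without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=10) as r:
            return r.status, "", r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location", ""), e.read().decode("utf-8", "replace")

def classify(status, location, body, slug):
    """Label one response from a default path."""
    if LOGIN_FORM.search(body):
        return "EXPOSED: login form served"
    if 300 <= status < 400 and slug in location:
        return "LEAK: redirect reveals new slug"
    return "ok"

def audit(base, slug, fetch=fetch):
    """Map each default path to a verdict; anything other than 'ok' needs attention."""
    return {p: classify(*fetch(base.rstrip("/") + p), slug) for p in DEFAULT_PATHS}

# Constructed responses for a hypothetical site, so the example runs offline.
SAMPLE = {
    "https://example.test/wp-login.php": (404, "", "<h1>Not found</h1>"),
    "https://example.test/wp-login/": (302, "https://example.test/staff-door/", ""),
    "https://example.test/wp-admin/": (200, "", '<form name="loginform" id="loginform" method="post">'),
}

if __name__ == "__main__":
    for path, verdict in audit("https://example.test", "staff-door", SAMPLE.get).items():
        print(f"{path:16} {verdict}")
```

To check your own site, call `audit("https://yoursite", "your-new-word")` with the default `fetch`.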