Protecting your website from prospective hackers is extremely important, especially if you have a WordPress website. According to a survey, 13,000 WordPress websites are breached daily. Hackers use different ways to break into your site. You probably implement various security measures, but ask yourself, where should I redirect hackers in WordPress attempting to access wp-admin page?
Here are some possible hacking attempts:
- They may target your wp-config file.
- Using a malicious plugin they may break into your WordPress site.
- They may jump straight to your WordPress admin page and attempt a brute-force attack.
I will talk about point number three. In this step-by-step guide, you will learn how to deal with wp-admin hacking attempts.
Where Should I Redirect Hackers Attempting to Access Wp-Admin?
A powerful and often overlooked method to deter hackers from gaining access to ‘wp-admin’ is through strategic redirection. Instead of leaving the default login page open for anyone to exploit, you can redirect unauthorized users to another location.
By implementing redirection techniques, you can confuse hackers, making it significantly difficult for them to locate the ‘wp-admin’ page and launch their attacks.
But the main question is, where to redirect hackers attempting to access the wp-admin page?
There are three places where you can redirect hackers.
- A 404 page
- A page that warns the hacker that an unknown file type will download on their computer.
- A page asking for donations.
The most obvious choice is number 1. However, it won’t hurt to scare the hacker if you use the second or third tactic. But chances are that experienced hackers will not fall for it.
How Do We Hide or Change the Path of Wp-Admin to Redirect Hackers in WordPress?
Now comes the important part. That is learning how to protect your admin page and redirect hackers.
I will guide you through step-by-step instructions on how to set up effective redirection measures, irrespective of your technical expertise. We will explore various methods, including:
- Editing the wp-login.php file
- WordPress plugins
It will ensure you have the necessary knowledge to safeguard your website and maintain its integrity.
How Do I Change a WordPress Login URL Using a Plugin?
To hide or change the path of wp-admin in WordPress, you can use various security plugins that offer this feature. One popular plugin that allows you to do this is “WPS Hide Login.”
Here’s how you can use it:
Install and Activate the Plugin:
- Log in to your WordPress dashboard.
- Go to “Plugins” > “Add New.”
- Search for “WPS Hide Login.”
- Click “Install Now” and then “Activate” the plugin.
Configure the Plugin:
- After activating the plugin, go to “Settings” > “WPS Hide Login.”
- Set the new login URL (e.g., /my-login-url) under “Login URL.”
- Enter the desired login URL path you want to use.
- Click “Save Changes.”
Test the New Login URL:
- Once you have saved the changes, log out of your WordPress dashboard and open a new browser.
- To access the login page, use the new custom URL you set (e.g., https://www.yourwebsite.com/my-login-url).
- Also, verify that the previous URL login is not working.
Although this plugin successfully alters the login URL path and can assist in preventing automated assaults, it is not a replacement for putting other security measures in place. Such as:
- Using strong passwords
- Enable two-factor authentication
- Maintain your plugins and WordPress core updates
How Do I Change a WordPress Login URL Without a Plugin?
To change the WordPress login URL without using plugins, you can modify the site’s wp-login.php file in your theme.
Before making any changes to your site’s files, create a backup of your website to avoid potential issues.
Here’s a step-by-step guide on how to achieve this:
1.) Login to your sever
Login to your hosting server to access the WordPress core files. Find and download the wp-login.php file to save a backup on your computer. You can also duplicate the file and rename it, if you don’t want to download it.
2.) Rename the file
Rename the wp-login file to the URL you want you new WordPress admin page to be. For example, it can be “my-new-login.php”
3.) Replace the wp-login.php string
After you have renamed your file, open it and do a search for wp-login.php. Now, what we have to do is replace this string with the new WordPress admin url. So, wp-login.php should be replaced with my-new-login.php.
You can do a find and replace all. If your server file editing does not have the find and replace all method, copy the code and open it in a code editor, make the changes, copy and paste the code in the file on the server, and save the changes.
4.) Test your new login
In a new browser type in your new website admin url and it should display the admin login page. Make sure that the old wp-admin URL is no longer working. It should redirect to a 404 error page.
If you see any error, this means there is an issue with your code. If you can’t find the problem, delete the file and upload the backup wp-login file you downloaded in step 1. For this reason, it is best to go with a plugin instead of custom coding.
Plugin vs Custom Code to Redirect Hackers in WordPress
You might be wondering what is the best approach. Should you use a plugin to redirect hackers in WordPress or should you custom code it. The answer is simple, use a plugin.
Yes, not all plugins are good but if you install and activate a reliable plugin, your website is safe.
| PLUGIN | CUSTOM CODE |
| Easy to work with. Simply install and activate the plugin. | You need to create a backup first and download the wp-login.php file separately. |
| Using a plugin is considered a best practice | Not a best practice to hack the core files |
| Trust worthy plugins can get the job done without compatibility issues | You may run into plugin compatibility issues if they contain code related to wp-login.php |
| You can quickly create a redirect. | You need to make sure you are careful when updating the core files. It may take time if you are not an experienced developer. |
These are just a few difference I wrote. An in-dept analysis would provide more reasons why you should go with a plugin.
How Many of You Change the WordPress Admin URL To Something Else?
Changing the WordPress admin URL is a basic security measure that everyone ignores. It is one of the widely recommended methods to strengthen WordPress security. Changing the default ‘wp-admin’ URL to something unique makes it harder for hackers to predict your WordPress admin login page.
Some WordPress users have successfully changed their WordPress admin URL and redirected hackers to another page.
4 Reasons to Change Your Admin Login Page and Redirect Hackers in WordPress
If you are not updating your WordPress login page or believe this isn’t a good security practice, think again.
Here are four reasons why you should change your wp-admin login URL and redirect hackers.
- It reduces the load on the site because the default location doesn’t get hit by so many bots.
- The number of fake login attempts decreases.
- It will stop novice hackers from attempting to break your site.
- It eliminates a good amount of brute-force attacks.
Conclusion
In today’s digital age, website security is paramount. With the ever-increasing threat of cyber attacks, website administrators must protect their online assets.
Among the most common targets for hackers is the ‘wp-admin’ login page of WordPress sites. This dashboard is the gateway to a website’s backend. Unauthorized access can lead to disastrous consequences, ranging from data breaches to complete site takeover.
WordPress is secure out of the box, but the security measures are not enough to stop hack attempts. By implementing this simple solution, you can effectively redirect hackers in WordPress.