I’m long overdue for improving my WordPress website security. With that said, I’m embarking on a journey to enhance my site security. Security implementation #1 is to protect my site against brute force attack . A brute force attack is when a hacker attempts to try various permutations and combinations of usernames and passwords to get inside of your WordPress blog. All WordPress websites have a common admin URL in the form of www.domain.com/wp-admin. Knowing this common URL makes it easy for a hacker to get started with brute force attack. Ok, enough blabbing … let’s get to work (follow my Github project for securing WordPress to see new implementations)
Step 1 – Download WPS Hide Login Plugin
WPS Hide Login plugin is an easy to use WordPress plugin for changing the admin URL. Search for “WPS Hide Login” from your WordPress dashboard, then install and active the plugin
Step 2 – Configure Login URL
Once you’ve installed and activated the plugin, go to Settings > General to configure the options. Navigate to the bottom of the General Settings page and you’ll see the option to configure the “WPS Hide Login” plugin.
You can put anything in the blank space and that will be your new admin login URL. Use your discretion when picking a new login URL so it can’t be easily guessed by a hacker, whiles at the same time not too complicated to the point where you’ll forget it.
