The simplest trick to secure your WordPress website

4 Min Read

WordPress is the most popular CMS on the planet. Hell yeah, it must be! It empowers more than 30 percent of the internet. That’s a good thing but this popularity made it vulnerable to malicious attacks. But every problem has a solution and where there’s a will there’s a way. There are many ways to make your website more secure. Today we’ll talk about hiding your website’s WordPress login page.

Why hide site login page?

Since the one-fourth of the internet is using WordPress and its login page is easy to find. The bots like to take their chances. If you have any module installed that tracks the number of blocked malicious login attempts on your site, you’ll notice at least 10,000malicious login attempts will be listed every year in general. These attempts do not happen everyday on a regular basis, rather you’d see hundreds or couple thousands attempts happening within a shorter period of time. There are many strategies to avoid such attacks but from my point of view, the best possible solution is to hide your login page. My logic is, if a bot can’t find the login page then they can’t make attempts right? So, let’s see how to do that.

How to hide site login page?

There are many plugins out there to help you hide the login page. The following ones are the most popular.

We’ll see step by step guideline on how to hide site login page with iThemes Security (since it’s the most popular one).

Step 1

Before we begin let me clear out one thing, there’s two version of iThemes Security one is pro and one is free. Both versions have almost the same features and we can hide WordPress admin login page with the free version. So we’ll go with that.

To download iThemes Security Free, search in WordPress plugin directory or just click HERE.

Now you need to install the plugin on your WordPress site. I guess you already know how to do that. But let’s do a quick recap. Go to your WordPress Dashboard > Plugins > Add New. Click on “Upload Plugin” at the top and then drag and drop the downloaded zip file. Now hit “Install Now” and finally activate the plugin after successful installation.

The clever way to escape all these steps is to go to WordPress Dashboard > Plugins > Add New and search for “iThemes Security” on the search box then hit “Install Now”.

Step 2

Now the actual process begins. From the WordPress Dashboard find “Security” and click on “Settings”. You’ll see a search box named “Search Modules”, type “Hide Backend” it will take you to the settings. Or, click on “All” and look for “Hide Backend” from the list.

Step 3

We need to enable the hide backend feature by clicking on the checkbox and then we’ll see the rest of the settings. The “Hide Backend” functionality will only work as long as this option is turned on from here.

Now we need to put the Login Slug in its text box. I’d recommend putting something that only you would understand like an acronym. For example, I’ve put “moclp” which means “My Own Custom Login Page”. The point is naming something that only I would understand. I advise you to do the same.

Step 4

Enable Redirection: You may want to allow redirection so that when anyone types wp-admin or wp-login.php that can be redirected to a 404 page or some other. If you don’t enable this option, the visitors will see a notice saying “This has been disabled.” when type wp-admin or wp-login.php.

Step 5

Redirection Slug: In this text box put the slug of your page which you want to be redirected. The default slug is “not_found” but I made a custom page saying “Better luck next time buddy :D” and put its slug here.

We’ve done our job here, now it’s time to save settings and see the action.

Note: This changes will not be effective until you clear your browser cache. One more thing may come in handy in case you still see the login page in “wp-admin” or “wp-login.php”. You need to change the default permalinks settings and it will go away.

Many will argue that “security through obscurity is not security”. But I disagree, my philosophy is if you cant see me, you can’t catch me. So, I’ll avoid bots and hackers as much as I can. I hope you learned a new trick today and please share your ideas and opinions with us as much as you can. And if you need a WordPress maintenance service, you can contact WP Buffs in this regard. You can also check this list of WordPress security plugins for more ways to protect your site. Thanks for reading!