One of the most essentials for running a WordPress website is to restrict the default wp-admin or Admin login URL to secure it against hackers. For instance, one of the most notorious types of hacking on the WordPress is the brute force attack. In this kind, the hackers try to attempt several ways of permutations and combinations of usernames and passwords to intrude into the WordPress Blog. Things become a lot more easy with the knowledge that the common WordPress admin URL is “wp-admin”, and thus any hacker can easily initiate the work with brute force attacking. So, there are a number of plugins available to restrain or change default/wp-admin url, but the best way recommended is by roping with a simple hook in php and .htaccess file.
Now, presenting the list of steps to change the admin url or wp-admin to safeguard the login:
- Add constant to wp-confing.php
- Add below filter to functions.php
- Add below line to .htaccess file under If Module mod_rewrite.c
- Restrict the /wp-admin URL:
The above-mentioned code enables the user to login the admin for new url, i.e. site.com/adminLoginUrl/. But even then, the wp-admin url is still visible and not blocked. For this, the user just needs to add the code below to restrain the URL: site.com/wp-admin. So, if any user would not access via/wp-admin url, it will redirect to 404 page.
- Restrict the /wp-loging.php file:
Now, if any user tries to access , via /wp-login.php url, it will show 404 pages.
Thus, the user has succeeded in changing the wp-admin login url, by following these consecutive steps.