A while back I wrote about 7 Awesome WordPress Plugins. Most of those still rank amongst my favourites. Today, I’m going to talk about one not mentioned in that post, which could easily be added to make it an even eight.
WPS Hide Login, programmed by WPServeur, is “a very light plugin that lets you easily and safely change the URL of the login form page to anything you want.”
Why would you want to change that URL? In one word: Security.
Keeping it safe
If you’re familiar with using WordPress, you’ll know that, to log in to the admin area, you normally go to a web address like yourdomain.com/wp-admin or yourdomain.com/wp-login.php. That’s the default login page for all WordPress sites. It’s a pretty easy URL for you to remember. Unfortunately, it’s also easy for hackers to find.
Brute force attacks
A common way for hackers to get into the admin area of your WordPress site is a process known as a “brute force attack.” Essentially, they run a program that generates a huge number of possible usernames and passwords until it finds the combination that lets them into your site. Of course, this would be a daunting task to do manually, but with the speed at which computers can sequentially generate character combinations, it’s doable.
Sure, we can make our password long and complicated. That definitely helps to thwart the hacker’s process. It’s also highly recommended to use something other than “admin” as your username. That’s the first thing a hacker would guess as your ID. Using both of these techniques will make it more difficult to break into your site.
However, if the hacker doesn’t even know what URL to begin a brute force attack from, life will be infinitely more difficult for them and they will likely give up the attempt.
You pick your login URL
So, instead of using the aforementioned default login URL, you can make up any page name you want. The domain (e.g., yourdomain.com) will remain the same, but you can choose anything you want to go after the slash (and before the “.php”). I wouldn’t recommend something too simple and easy to guess, e.g., loginpage.php. Throw in a number and/or a hyphen to mix things up a bit, e.g., johnnys-entry-point-99.php. Use your imagination. It doesn’t have to make sense. In fact, even better if you can use a completely random group of numbers and letters, e.g., u7s9we23ih29-gh33.php. You probably wouldn’t remember that, but of course you can bookmark it (and/or save it in a secure place).
After you install and configure this excellent plugin on your WordPress site, you should notice very few, if any, malicious login attempts. It’s no wonder that more than 600,000 people have downloaded the plugin and that it has received a 5-star rating.
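One way to check this on your own server, as an added example that is not part of the original post or the plugin: the Python below counts hits on the default login URLs (wp-login.php and wp-admin) in a web-server access log and lists the client IPs that keep submitting the login form. The combined log format, the threshold of five POSTs, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Combined/common access-log format (assumed):
# ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_default_login(path):
    """True if the path targets a default WordPress login URL (query string ignored)."""
    bare = path.split("?", 1)[0]
    if bare == "/wp-admin/admin-ajax.php":  # front-end AJAX endpoint, not a login attempt
        return False
    return bare == "/wp-login.php" or bare == "/wp-admin" or bare.startswith("/wp-admin/")

def summarize(lines, threshold=5):
    """Count login-form POSTs per client IP and response codes for all default-login hits."""
    posts = Counter()     # POSTs to /wp-login.php per client IP
    statuses = Counter()  # status codes returned for any default-login request
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_default_login(m["path"]):
            continue
        statuses[m["status"]] += 1
        if m["method"] == "POST" and m["path"].split("?", 1)[0] == "/wp-login.php":
            posts[m["ip"]] += 1
    noisy = sorted(ip for ip, n in posts.items() if n >= threshold)
    return {"posts": dict(posts), "statuses": dict(statuses), "noisy": noisy}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    f'203.0.113.7 - - [10/Mar/2024:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "-"'
    for s in range(6)
] + [
    '198.51.100.4 - - [10/Mar/2024:10:05:00 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.4 - - [10/Mar/2024:10:05:01 +0000] "GET /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 4521 "-" "-"',
    '192.0.2.10 - - [10/Mar/2024:10:06:00 +0000] "GET /about/ HTTP/1.1" 200 8120 "-" "-"',
    '192.0.2.10 - - [10/Mar/2024:10:06:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "-"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run it over the log from before and after changing the login URL: the per-IP POST counts and the status-code breakdown show whether requests to the default URLs are still reaching a login form.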
Be safe!