How To Hide WordPress Login Page For Security Using WPS Hide Login
Do you want to hide the WordPress login page? Or don’t you know how to use the WPS Hide Login plugin? Keep reading this article!
WordPress is used by 75 million websites all around the world. It is one of the best, most simple, and most powerful CMS in the world. Unfortunately, due to that fact, hackers will try gaining access to your blog to redirect the users to another website, spread malware, or do anything they would like to do.
There are many WordPress security hacks, and WordPress security plugins are available to protect a blog. One famous and simple one is hiding the WordPress login page.
This post will show you how to hide the WordPress login page for security! This beginner-friendly and straightforward tutorial for WordPress beginners!
Why Hide WordPress Login Page?
By default, anyone with some knowledge can access the WordPress backend by typing /wp-admin/ at the URL’s end. This will bring them to the WordPress login page.
Some folks would use some bots to bypass the login page. From the author’s URL, they will know the username of your account. The next thing they need is a password. The software will be used for guessing passwords.
This is called the Brute Force attack, one of the most famous WordPress hacking techniques.
Advertisement (Login for an ad-free experience)
Continue Reading Below
To protect your blog against the Brute Force attacks, you could password-protect your WordPress admin directory or hide the WordPress admin directory. Hiding the login page is a simple method. You could save your blog from unwanted users and attacks.
Recommended Read: How To Schedule and Auto-Apply WooCommerce Coupon Codes?
Plugin Method Or Coding?
We could do the task using the WPS Hide Login. It is a famous and widely used free security plugin for WordPress. There is no need for coding or editing existing files. We can hide the page without modifying any files!
What Is WPS Hide Login?
WPS Hide Login is a free security plugin created by WPServeur.
Right now, the plugin is used by more than 400,000 WordPress blogs and has an excellent rating!
The plugin is also lightweight and will not compromise your website’s speed.
How To Hide WordPress Login Page?
Thankfully, the free WordPress plugin WPS Hide Login will make this task easier for beginners. Let’s see how to hide the login page with the plugin.
Total Time: 10 minutes
Advertisement (Login for an ad-free experience)
Continue Reading Below
Install WPS Hide Login
First, log in to your WordPress blog and add a new plugin section. Then search for WPS Hide Login. Once you find the plugin, simply install it on your blog.
Find the Plugins’ Settings
Now, you will see the pluginโs settings under the WordPress general settings.
Edit the URL
The first option will help us set a custom login URL for the blog. Then, they simply edit it with your new login URL.
Let me make it simple. Letโs say that you need a new WordPress login URL, like example.com/custom. In that scenario, make the changes like this:
Set up the Redirection URL and Save It
Alright. Now, letโs move to the next section. The redirection URL will be the landing page when someone tries to access your wp-admin page via example.com/wp-admin.
Usually, most folks will leave it blank because it will be redirected to a 404 page. However, you could turn all traffic to your created custom landing page.
Advertisement (Login for an ad-free experience)
Continue Reading Below
Ready to move on? Simply save the changes.
Save Your New Login URL
Now, WordPress will show you a reminder with the new login page. You may want to consider bookmarking the page for easy access.
Test the Feature
When a user tries to access the login page via /wp-admin, they will be redirected to the URL we have added in the plugin settings. For example, In our case, we have added a 404 URL. As a result, the user will be landed on a 404 page.
Enter the New Login URL
You may want to enter our secret login URL to access the login page. It will probably be redirected to the WordPress login page.
What If You Forgotten the Login URL?
Thereโs nothing to worry about. Take it easy.
When you forget the custom login URL, you will be locked out of the WordPress admin area. You wonโt be able to log in to your blog due to that. Deactivating the plugin will bring the default login page if you are in this situation.
You can use CPanelโs file manager or an FTP client such as FileZilla. FTP is a simple way for it. All you need to do is, connect the FTP client to your WordPress blog. If you donโt have an FTP account, simply create one!
Open Plugins Directory
Go to the /wp-content/plugins/ย directory.
Advertisement (Login for an ad-free experience)
Continue Reading Below
Supply:
- Nil
Tools:
- Nil
Now, you can access the WordPress admin page via example.com/wp-admin.
Simple, isnโt it?
Finally, we successfully hid our WordPress login URL and replaced it with a new one. This method is highly recommended and also essential these days.
Method 2: WP Hide & Security Enhancer
Another plugin available is WP Hide & Security Enhancer in the WordPress plugin repository. Check out this plugin if you are interested in more than just hiding your WordPress admin page.
Log in to your WordPress blog and add a new plugin section. From there, you can install the WP Hide & Security Enhancer plugin on your site.
Advertisement (Login for an ad-free experience)
Continue Reading Below
Once you have installed the plugin, you will need to activate it.
From the plugin settings, you can change the admin URL.
Once you have saved the settings, you are good to go. One good thing about this plugin is that we can reset all the plugin settings without accessing the pluginsโ files via FTP. Instead, you will see a custom link for resetting the current configuration on the pluginsโ settings page.
You need to save the link in a safe place. We recommend creating a text document and pasting the reset link inside it.
Method 3: Hide My WP Ghost
Hide My WP Ghost is a freemium WordPress security plugin. Like every freemium product, the free version plugin is available on the WordPress plugin repository. You will need to install it on your blog.
Activate it after installing.
You can see the pluginsโ settings on the left-hand side.
From there, choose the Change Paths option. From there, we will be able to modify the default WordPress paths. The first thing you need to do is, hide the WordPress admin page.
Advertisement (Login for an ad-free experience)
Continue Reading Below
You can add a new custom login path for your WordPress admin from the login settings.
Save the new WP login path, and you are good to go. From now on, this will be your WordPress admin path.
If you need a complete premium plugin for changing the WordPress login path, check out Perfmatters.
Bonus: Password Protecting The WordPress Admin Directory
Instead of hiding your WordPress admin folder, you can password-protect it using a straightforward method. It will help us to prevent unauthorized visits to our WP-admin page. Only your staff editors/ administrators can access the admin page using a unique username and password.
This section will show you how to password-protect the WordPress admin directory and add more protection.
The first thing you need to do is, go to this htpasswd generator.
By entering your username and password, you can create a .htpasswd file.
The system will generate a custom .htpasswd file for you.
Advertisement (Login for an ad-free experience)
Continue Reading Below
Now, we need to add this code to our core. You can use an FTP client or any file manager plugin to access your website files. In our case, we will use a file manager pluginย for managing our files. Once you have installed and activated the plugin, go to the /wp-admin/ folder.
Create a new folder. You can call it passwd or anything you like. After creating the directory, open it and create a new .htpasswd file. Then, paste the code we generated using the .htpasswd file. If you cannot create a .htpasswd file through the plugin settings, you can create one manually using any code editors and upload it to the server.
Come back to the wp-admin folder and create a new .htaccess file there. Once you have completed a file, open it and paste the below code.
[github gist=”be98c1381ee92ae29d76a2d7e3fbf769″]
You must edit the path to your .htpasswd file and username when you paste it.
Save the file. And once you have checked your WordPress admin page from a private window, you can see that we have protected it using a username and password!
Sometimes, you will get too many redirect issues after pasting the .htpasswd code. To fix that issue, paste the below code to your .htaccess file.
[github gist=”d1c7ccaa1ffff86b8b4945848f1ed418″]
Advertisement (Login for an ad-free experience)
Continue Reading Below
Once you have password-protected your WordPress admin directory, the AJAX function won’t work in the front end. Some of your Slider plugins/ contact form plugins will use the AJAX feature. To fix it, copy the code below, open the /wp-admin/ folder, and paste it into your .htaccess file.
[github gist=”a2911241ee058cc73e562e3676d060d5″]
Remember that we will be pasting this code to the wp-admin .htaccess file. Not the default .htaccess file.
Some WordPress hosting companies like Kinsta got this feature by default. So when you are hosting your site on Kinsta and need to password protect your WordPress admin folder, you can do it from your account dashboard. No need to rely on any extra tools.
NOTE: There are some premium services available for securing your WordPress site. If you are into security and protection, check out Sucuri, Wordfence, iThemes security, etc. These plugins got so many options for securing your WordPress installation.
Conclusion
This is how you can protect or hide the WordPress login page for better security. As you can see above, we can completely conceal our admin page from the outer world with a plugin like WPS Hide Login. No coding, no editing files, or anything. A complete beginner-friendly method.
Just hiding the WordPress admin page is not good enough to protect your site. In that case, you need to make sure you are using a security plugin, doing regular updates, taking complete website backups, using a secure web hosting company, and a CDN (Content Delivery Network).
In our case, we highly recommend Sucuri as your security solution. This is because it has many features like free CDN and WAF (Web Application Firewall).
Advertisement (Login for an ad-free experience)
Continue Reading Below
Frequently Asked Questions
Some of the frequently asked questions regarding hiding the WordPress admin directory and basic WordPress security are:
Why Protecting WP-Admin Is a Good Idea?
WordPress is a popular CMS, and most hackers are targeting it. To protect your work, we recommend hiding your WordPress admin page or password-protecting it.
Do We Need To Use Premium Plugins?
You can hide your WordPress login page using any free plugins mentioned in this article.
We hope you found this post helpful and enjoyed the read. Please consider sharing this post with your friends and fellow bloggers on social media if you do. For more blogging-related posts, you need to check out our blog section. Check out our WordPress archives for more WordPress tutorials, theme reviews, and plugin reviews.
About the Author
With over 4 years of working as a WordPress content writer, I love bringing insightful and helpful tutorials to BlogHeist readers. I mainly write about how-to guides on WordPress and cover in-depth product reviews.
Did you find the article useful?
Then pin me to your Pinterest Board, so that more people will find me
(Remember: The more you give to the Universe, the more you will get from the Universe)
So, Pin meEnter your Email Address below and be the FIRST to receive our Blogging Tips.
Reader Interactions
Comments
Leave a Reply Cancel reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Marina says
Thank you Christina for this article. I found it when searching for a solution for my site.
I use wp Hide Login and never had any problem with it.
I have now created a form where visitors to my site can sign up and fill out details in a long-form that generates a page on my site automatically. All I have to do is edit the details a bit and confirm the publication of the page on the site.
But I have a problem: after the surfer registers, he can not login to the site to fill in the details on the form, because of the WP Hide login that causes the surfer to reach page 404.
Do you have an idea how to work around this issue without compromising the security of the site?