Do you want to hide the WordPress login page? Or don’t you know how to use the WPS Hide Login plugin? Keep reading this article!
WordPress is used by 75 million websites all around the world. It is one of the best, simple and powerful CMS in the world. Due to that fact, hackers will try gaining access to your blog to redirect the users to another website, spread malware, or anything they would like to do.
There are so many WordPress security hacks, and WordPress security plugins are available for protecting a blog. One famous and simple one is hiding the WordPress login page.
This post will show you how you can hide the WordPress login page for security! The beginner-friendly and straightforward tutorial for WordPress beginners!
Why Hide WordPress Login Page?
By default, anyone with a bit of knowledge can access the WordPress backend by typing /wp-admin/ at the URL’s end. This will bring them to the WordPress login page.
Some folks would use some bots for bypassing the login page. From the author URL, they will know the username of your account. The next thing they need is a password. The software will be used for guessing passwords.
This is called the Brute Force attack, one of the most famous WordPress hacking techniques.
For protecting your blog against the Brute Force attacks, you could password protect your WordPress admin directory or hide the WordPress admin directory. Hiding the login page is a simple method. You could save your blog from unwanted users and attacks.
Recommended Read: How To Schedule and Auto-Apply WooCommerce Coupon Codes?
Plugin Method Or Coding?
We could do the task using the WPS Hide Login. It is a famous and widely used free security plugin for WordPress. There is no need for coding or editing existing files. We can hide the page without modifying any files!
What Is WPS Hide Login?
WPS Hide Login is a free security plugin created by WPServeur.
Right now, the plugin is used by more than 400,000 WordPress blogs and have an excellent rating!
The plugin is also a lightweight one that will not compromise your website’s speed.
How To Hide WordPress Login Page?
Thankfully, the free WordPress plugin called WPS Hide Login will make this task easier for beginners. Let’s see how to hide the login page with the plugin.
Installation and Activation
First of all, log in to your WordPress blog and add a new plugins section. Then search for WPS Hide Login. Once you found the plugin, simply install it on your blog.
Once you got installed it, activate the plugin.
After installing the plugin, you could see the plugin’s settings under the WordPress general settings.
Go to the WordPress General settings now.>/div>
Let me make it simple. Let’s say that you need the new WordPress login URL, something like example.com/custom. In that scenario, make the changes like this:
Alright. Now, let’s move to the next section. The redirection URL will be the landing page when someone tries to access your wp-admin page via example.com/wp-admin.
Usually, most folks will leave it blank because it will be redirected to a 404 page. If you want, you could redirect all traffic to a custom landing page you’ve created.
Now, WordPress will show you a reminder with the new login page.
You may want to consider bookmarking the page for easy access. From now on, when a user tries to access the login page via /wp-admin, they will be redirected to the URL we have added in the plugin settings.
For example, In our case, we have added a 404 URL. As a result, the user will be landed on a 404 page.
To access the login page, you may want to enter our secret login URL. Probably it will be redirected to the WordPress login page.
Simple, isn’t it?
Finally, we have successfully hidden our WordPress login URL and replaced it with a new one. This method is highly recommended and also essential these days.
Have You Forgotten The Login URL?
There’s nothing to worry about. Take it easy.
When you forget the custom login URL, you will be locked out of the WordPress admin area. You won’t be able to login to your blog due to that. If you are in this situation, deactivating the plugin will bring the default login page.
Using cPanel’s file manager or an FTP client such as FileZilla, you will be able to do it. FTP is a simple way for it. All you need to do is, connect the FTP client to your WordPress blog. If you don’t have an FTP account, simply create one!
Go to the /wp-content/plugins/ directory,
Find the WPS Hide Login’s plugin folder.
Delete it from the blog.
Now, you can access the WordPress admin page via example.com/wp-admin. Another best practice for securing the blog is by password protecting the WordPress admin directory.
Method 2: WP Hide & Security Enhancer
There’s another plugin available called WP Hide & Security Enhancer in the WordPress plugin repository. If you are interested in more than just hiding your WordPress admin page, check out this plugin.
As usual, log in to your WordPress blog and add a new plugins section. From there, you can install the WP Hide & Security Enhancer plugin on your site.
Once you have installed the plugin, you will need to activate it.
From the plugin settings, you can change the admin URL.
Once you have saved the settings, you are good to go. One good thing about this plugin is, we will be able to reset all the plugin settings without accessing the plugins’ files via FTP or something. You will see a custom link for resetting the current configuration on the plugins’ settings page.
You need to save the link in a safe place. We recommend creating a text document and pasting the reset link inside it.
Method 3: Hide My WP Ghost
Hide My WP Ghost is a freemium WordPress security plugin. Like every freemium product, the free version plugin is available on the WordPress plugins repository. You will need to install it on your blog.
Activate it after installing.
You can see the plugins’ settings on the left-hand side.
From there, choose the Change Paths option. From there, we will be able to modify the default WordPress paths. The first thing you need to do is, hide the WordPress admin page.
You can add a new custom login path for your WordPress admin from the login settings.
Save the new WP login path, and you are good to go. From now on, this would be your WordPress admin path.
If you need a complete premium plugin for changing the WordPress login path, check out Perfmatters.
Bonus: Password Protecting The WordPress Admin Directory
Instead of hiding your WordPress admin folder, you will be able to password protect it using a straightforward method. It will help us to prevent unauthorized visits to our WP-admin page. Only your staff editors/ administrators can access the admin page using a unique username and password.
In this section, we will show you how you can password protect the WordPress admin directory and add more protection.
The first thing you need to do is, go to this Htpasswd generator.
By entering your username and password, you can create a .htpasswd file.
The system will generate a custom .htpasswd file for you.
Now, we need to add this code to our core. You can use an FTP client or any file manager plugin for accessing your website files. In our case, we will be using a plugin called File Manager for managing our files. Once you have installed and activated the plugin, go to the /wp-admin/ folder.
Create a new folder. You can call it passwd or anything you like. After creating the directory, open it and create a new .htpasswd file. Paste the code we generated using the .htpasswd file. If you cannot create a .htpasswd file through the plugin settings, you can create one manually using any code editors and upload it to the server.
Come back to the wp-admin folder and create a new .htaccess file there. Once you have completed a file, open it and paste the below code.
When you paste it, you will need to edit the path to your .htpasswd file and username.
Save the file. And once you have checked your WordPress admin page from a private window, you can see that we have protected it using a username and password!
Sometimes, you will get too many redirects issue after pasting the .htpasswd code. For fixing that issue, paste the below code to your .htaccess file.
Once you have password-protected your WordPress admin directory, the AJAX function won’t work in the frontend. Well, some of your Slider plugins/ contact form plugins will use the AJAX feature. For fixing it, you need to copy the below code, open the /wp-admin/ folder, paste it on your .htaccess file.
Keep in mind that we will be pasting this code to the wp-admin .htaccess file. Not the default .htaccess file.
Some WordPress hosting companies like Kinsta got this feature by default. So when you are hosting your site on Kinsta and need to password protect your WordPress admin folder, you can do it from your account dashboard. No need to rely on any extra tools.
NOTE: There are some premium services available for securing your WordPress site. If you are into security and protection, check out Sucuri, Wordfence, iThemes security, etc. These plugins got so many options for securing your WordPress installation.
This is how you can protect or hide the WordPress login page for better security. As you can see above, with a plugin like WPS Hide Login, we will be able to completely conceal our admin page from the outer world. No coding, no editing files, or anything. A complete beginner-friendly method.
Just hiding the WordPress admin page is not good enough for protecting your site. In that case, you need to make sure that you are using a security plugin, doing regular updates, taking complete website backups, using a secure web hosting company, and also a CDN (Content Delivery Network).
In our case, we highly recommend Sucuri as your security solution. It comes with many features like free CDN and WAF (Web Application Firewall).
Frequently Asked Questions
Some of the frequently asked questions regarding hiding the WordPress admin directory and basic WordPress security are:
Why Protecting WP-Admin Is a Good Idea?
WordPress is a popular CMS and most hackers are targeting it these days. So protecting your work, we recommend hiding your WordPress admin page or password protecting it.
Do We Need To Use Premium Plugins?
You can hide your WordPress login page using any free plugins we mentioned in this article.
Hiding WP-Admin Enough For The Security?
You will need to be in a secured hosting environment. Also, consider using a dedicated security plugin like Sucuri or iThemes security.
Will It Affect Your Frontend?
No. It will not affect your frontend or users. You can provide a good user experience.
We hope you found this post helpful and enjoyed the read. Please consider sharing this post with your friends and fellow bloggers on social media if you did. For more blogging related posts, you need to check out our blog section. For more WordPress tutorials, theme reviews, and plugin reviews, check out our WordPress archives.
Related Articles You Might Like: