What is Brute Force Attack?
A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN).
One of the most common types of hacking on WordPress is a brute force attack. In this kind of attack, a hacker attempts to try various combinations of usernames & passwords to get inside of your WordPress blog or use automated software to generate a large number of consecutive guesses as to the value of the desired data.
Especially when we all know that the common WordPress admin URL is “wp-admin”, any hacker can easily get started with brute force attacking.
List Of WordPress Security Plugin
- WPS Hide Login: is the simplest & most straightforward WordPress plugin for changing the admin URL. And With over 90,000+ this plugin has become most install security plugin for blogger
- ITheme security
There are many free security WordPress plugins out there that help you prevent brute force attacks. One major step you can take right now is by changing the WordPress admin URL or integrate some security feature in your blog . This way, hackers will not be able to find the login link or trying access wp-admin and this reduces the chance of getting attacked or hack
In this WordPress security series, I will be showing you how you can use two plugins to change your URL. One plugin is simply used to change the login URL of WordPress from a security perspective, and the other one is for improving the user experience.
At the end of this guide, I have also shared more useful resources that you can follow to improve the overall security of your WordPress blog.
So without further delay, let’s learn about some useful plugins to change the WP login URL.
How To Change WP Login URL with WPS Hide Login Plugin:
First I am starting with WPS Hde Login
You can install this plugin by searching for “WPS Hide Login” from your WordPress dashboard (here is the WP repo plugin page).
Once you have installed & activated the plugin, go to Settings > General to configure the options. Scroll down & at the bottom, you will see the option to configure the “WPS Hide Login” plugin.
You can put anything in the blank space & that will be your new login URL. For example, in the above screenshot, sharebloggingtips.ml/logmein is the new WordPress admin login URL.
If you are the only person handling your blog, you can use any word that you can remember or use something like “dakadaakwaibom” & save this unique login URL into your browser bookmark.
The idea is to make your login page hard to discover. This way, you improve your WordPress login page security to a great extent.
It doesn’t literally rename or change any files in the core, nor does it add rewrite rules. It simply intercepts page requests and works with any WordPress website.
If you are looking to do more than simply hardening your WordPress login page security, you should look for the below-mentioned solution. This one helps in better branding of your WordPress login & register page by giving them a memorable page URL.
Changing WordPress Login & Registration URL For Better Branding:
There are a few plugins that let you rename your WordPress login, register, password reset & logout URLs.
This is useful when you have a multi-author blog or are using WordPress in a way where multiple users need to regularly register or log in.
The most popular plugin is iThemes Security, however it’s not highly recommended as this plugin offers much more than just customizing the URL of your WordPress registration & login page.
The other plugin which is developed just for renaming WordPress admin login, registration & other pages is the Custom Login URL plugin. This is another simple to use plugin.
Once you have the plugin installed & activated, go to Settings > Permalink to configure.
You can rename the login URL, registration URL, lost password URL, logout URL & authentication redirects. Authentication redirects are the URLs which users will be redirected to after loggin in or logging out. A simple tweak in this area can be very effective for your WordPress blog branding & security.
From a security perspective, it’s a good idea to change your WP-admin login URL to make it hard for hackers to guess.
This will strengthen the security of your WordPress blog to a great extent. At the same time, if you are running a multi-author blog or using it in a way where you & others need to regularly interact with the login & registration page, use the other plugins to change the URL.
The second option is optional, however I recommend you implement the first option (change your wp-admin URL) right away for improved security.
My Best Security plugin:(1) WPS hide Login (2) wordfance plugin (3) ITheme Security plugin
I am sure this post help you to secure your wordpress blog if you have any problem setting up those plugin let us know by dropping comment on the comment box below
Author: Ubong Eshiet
Ubong Eshiet serial entrepreneur, a professional blogger and internet marketer, wordpress Developer and a passionate blogger and from Nigeria