Skip to main content

Why you should change your login URL

Having a website can be scary at times; hackers and criminals always knocking at your door trying to get your information. If you have a WordPress website, that “door” is /wp-admin/ or /wp-login/ and it’s easy to find.

Closeup of "http://www." in web browser.

Changing Your Login URL

WordPress uses these URLs as the default when creating a website, so many websites share the same URLs and are well known within the web development community. If someone nefarious was looking to access your site, they’d know the first step would be to visit the /wp-admin/ or /wp-login/ of your website. After that, they could use a Brute Force Attack (an attack where someone uses a computer to guess your password repeatedly) to try to force their way in.  

By changing your default login URL, you make it more difficult for them to find that door – it’d no longer be at the front of your house but hidden somewhere else out of sight. Similarly, common access points like /phpmyadmin/ and port 2083 are also vulnerable and should be changed.  

Changing your default login URLs isn’t all that complicated. Many plugins like Solid Security Basic for WordPress allow you to do so without much hassle. Although it’s a great first step, it isn’t 100% foolproof. Hackers can still find your website login URL, and you better be prepared if they do. 

Staying Prepared & Preventing Hacks

Sometimes you have to go back to the basics, like using strong passwords (link to an article about using a password manager) and enabling 2FA (which you can read more about here). What you might not know is that some WordPress plugins can enable login attempt limits and blacklist (ban) certain users from even attempting to login. So, even if these hackers do find the hidden door, they need a password and confirmation from a trusted device to open it – and they would only get a few tries to do so before having to wait again. These plugins will even recognize “bad” users who have attempted do the same on other protected websites and blacklist them, so they may never even get the chance! 

Wrap Up

Changing your default login URL is a great idea and should be done, but it isn’t the be-all and end-all of website security. It’s important to make sure to continue using strong passwords, 2FA and security plugins. If you’re curious and would like to learn more, feel free to reach out and ask! The Dunham Group’s been around the block for over 25 years and knows a thing or two about web and IT security. 

Leave a Comment

Ready to reach more customers online? Tell us about your project and let's get started.

Request a Quote