Securing WordPress - hiding and your wp-admin login page

So you’ve got a WordPress installation but you want to make it a little more secure?

You can hide your administrator login in a few simple steps…

This makes it a tad harder for unauthorised users to login to your WordPress administrator panel.

Login to your existing WordPress panel and on the left hand side select Plugins > Add New > Search

Look for WPS Hide Login

Select Install Now

Activate after installing

Now you’ll need to hit settings

Now you’ll see this page and you can start the very simple configuration.

Now type in anything you wish to “Login URL”

This will be your new login page in place of wp-admin you’ll type yoursite.com/secret-login-page instead or whatever you pick.

Then redirection URL you then set to a folder on your hosting such as 404, in that folder you’ll want to upload an index.php with any text you wish to display.

2 Likes

If you don’t feel a plugin is secure you can always just protect your wp-admin using .htaccess or by using the Security tool of our panel :slight_smile:

Head to your website, manage, left hand side select Security and add password protection.

Type in wp-admin

Choose a secure username / password

Now when users visit wp-admin they’ll get a dialogue requiring another login before your wp-admin will even load.

Input the correct information to gain access to your panel

Using 2FA is also an option with WordPress wp-admin login :slight_smile:

Using the same process as before login, plugins, add new and type Google Authenticator and choose this one pictured

Install and activate…

Pick a 2FA method that suits your needs…

Most people will have Google Authenticator if they own a smart device, if not then don’t worry there are plenty of free methods to pick from.

For this example I’ve picked Google Authenticator, on my smart device I’ve opened the app and scanned the QR code provided.

Now within the application I get the 6 digit code which changes regularly…

Now I’ve setup the plugin we can test it

Ensure to enable 2FA on login page

While logging in every time to wp-admin you’ll require your smart device to use the 2FA login method.