The short answer is to install, activate, and configure the Better WP Security WordPress plugin.
What We're Doing
With Better WP Security, you'll be able to change:
- /wp-login.php to /login/
- /wp-admin/ to /admin/
- /wp-login.php?action=register to /register/
- Or to whatever slugs you choose in the plugin settings
Warnings
Compatibility might be an issue. Make sure to read and understand all the Better WP Security options before changing any settings. Talk to your web host or developer before continuing if you know you have an unusual setup but aren't sure how it may be affected by this plugin. I tested withWP Engine and didn't have any issues. Follow the plugin author's recommendation and read the Better WP Security Installation Tips and FAQs.
If you already have the site added to ManageWP Dashboard, you'll need to update your ManageWP options, but it's quick and easy. Also, please read the ManageWP "Known Issues", which mentions one of features of the Better WP Security plugin.
Continue reading for all the step-by-step instructions for Better WP Security and updating the ManageWP Dashboard options.
Step By Step Instructions
You really should change your login URL (and by login URL I mean the URLs for logging in, registering, and administration). Here's how to do it:
Step 1: Take a Full Backup
Duh. Do it with ManageWP. Take a full backup, not just a database backup. Like all backups, verify it's completed and in your desired location before proceeding to the next step.
Step 2: Install and Activate the Better WP Security plugin
I've looked long and hard for a "hide login" plugin and there weren't many quality choices. And the aptly named Hide Login plugin did not work for me (thank God I was on a WP Engine staging sitebecause I got totally locked out). And there used to be a plugin called Stealth Login which no longer exists.
At the recommendation of several WordPress gurus, I tried Better WP Security for this purpose alone (although it has a bunch of great features), and it worked like a charm right from the start.
Step 3: Setup the Better WP Security Plugin
Once the Better WP Security plugin is installed, follow these steps:
- Open the plugin's wp-admin options page.
- Follow the first 3 setup steps as shown in the screenshots below:
- Make your backup selection.
- Allow the plugin to change WordPress core files (read the warning first).
- Click the "Secure My Site From Basic Attacks" button.
- Click the "Hide" tab.
- Check the "Enable Hide Backend" box.
- Enter your desired login, register, and admin slugs or leave them at the plugin's defaults of "login", "register", and "admin".
- Click "Save Changes".
- Don't forget your new URLs, especially the login URL! You might want to write them down somewhere until you get used to them. Or never need to remember the login URL if you use an auto-login tool like ManageWP (additional steps follow).
Screenshots of each step above are shown below:
Initial Setup Page. Select the backup option you think best. (If you've already created a backup with ManageWP, you can skip this backup.)
Setup step 2. Read the instructions and, in general, click to allow changing WordPress core files.
Setup step 3. In general, click the option to allow the plugin to activate its default security settings, since this plugin does more than just change the login URL.
After clicking the "Hide" tab at the top, check the box to enable the feature. Change the text boxes as you desire. Then click "Save". (Don't worry; you won't get logged out upon saving.)
After saving once, you'll be able to uncheck the box if you want to turn the feature off, or you can leave it checked and just change the login URLs anytime you want.
Step 4: Add (or Re-Add) your Site to the ManageWP Dashboard
If you use ManageWP for the site you've changed the login URL for, follow these steps:
- Login to your ManageWP Dashboard.
- Hover over the site you changed the login URL for.
- Click "Options".
- Change the "Website Admin URL" option from .../wp-admin/ to .../login/ (or whatever you changed it to).
- Click "Save Changes" and the window will auto-close after a green "Options Updated" message is displayed for a second or two.
- Hover over the site again and click the "Open admin here" or "Open admin in new window" to make sure ManageWP can auto-login for you at the new URL.
- If you were able to login via ManageWP Dashboard, you're all done.
Screenshots of each step are below:
If using ManageWP, go to your ManageWP Dashboard, hover over the site, and click "Options".
At the site's ManageWP Options pop-up, you'll see your current login URL.
Change the login URL to your new login URL and click "Save Changes".
Make sure the ManageWP Dashboard can auto-login for you still by hovering over the site you just updated the options for and click one of the Open Admin options to see if it works.
How the Better WP Security Plugin Changes the Login URL
For some, you might not care how it works; for others, you may want to know all the details. Let's just say it's the magic of the .htaccess file.
Without getting too technical, the plugin adds about 30 lines to the top of your main WordPress .htaccess file. That's really all the magic that's needed to change the login URLs.
Note: Neither the wp-login.php file nor the wp-config.php file is modified, moved, or renamed.
If you're a developer looking to learn all the ins and outs of .htaccess files and rules, consider purchasing the .htaccess made easy eBook. To be clear, no knowledge of .htaccess is needed to use the Better WP Security plugin.
More About Better WP Security
The Better WP Security plugin has a lot of features, just one of which is the ability to hide the WordPress login, register, and admin URLs. Here are a few of the additional features included in this free plugin:
- Additional "security through obscurity" options
- Change the current WordPress database prefix
- Rename the default "admin" username
- Change the ID for the user with ID 1
- Removes login error messages (so bad login attempts don't get a hint whether it was the username or the password that was incorrect)
- Logs 404 errors, bad login attempts, and changes to files
There are many more benefits of using the Better WP Security plugin, and it even works on single sites and Multisite.
Read more about its features at its WordPress plugin page and give it a good rating if it worked well for you.
No comments:
Post a Comment