The article will discuss the two top best ways on how to hide WordPress login page from hackers in 2021:
Why We Need To Hide WordPress Login Page From the Hackers, Anyway?
Anyone who knows your site is built with WordPress can gain access to your WordPress admin login. Anyone can access your login page by simply adding ‘wp-login.php‘ to the end of your website’s URL.
This is extremely dangerous because obtaining the username and password is one of the most common ways of hacking your site.
If a hacker can get to the login page, it is not difficult for them to obtain your password; however, if this does not happen, hackers will be unable to do so.
Hackers launch a brute-force attack after reaching your login page. In a brute-force attack, hackers repeatedly try to guess your username and password.
They believe that if they try hard enough, they will be able to figure out the key combination. Hackers will have no chance of hitting and testing your logins if you cover your login page.
They do not, however, have to rely on brute force. If it gets their hands on your username/password right away, the.htaccess is a better way to protect your entrance page.
How to Hide WordPress Login Page With a Plugin
Using a plugin is a very easy approach for hiding your login page. There are many wordpress plugin which are useful to hide wordpres login page.
For the motive, WordPress has WPS Hide Login which is the best resolve and has good number of active installation.
It simply creates a custom URL for you and blocks all requests to the wp-login and wp-admin pages.
WPS hide login is a simple and fast method. You can complete the task in 2 or 3 seconds if you use the plugin.
Setting WPS Hide login only requires you to define a custom URL; the plugin will handle the rest.
If you are with a caching plugin, you will need to add the customized login page to the excluded caching list.
Is WPS hide login completely reliable for hiding the admin login Page?
Well, it is not enough. The plugin is workable against automatic brute-force. However, these are not the only tool for hackers to steal your username and password of WordPress.
What if a hacker is singularly focused? This is not safe in the case, With Support threads of WordPress hackers can reach your login page by its backdoor techniques.
- With Encoded URL (For Firefox)
- Through accessing /wp-admin/customize.php
This trick is also not a big issue and has a solution to get rid of it. For further security, you are required to make one step manually that restricts all the traffic to your login page.
Manually hiding WordPress admin login page with .htaccess
You can use a manual and best technique of .htaccess for achieving the goal. The two common methods to hide your login page with .htaccess are:
- With password access to the wp-admin
- With restricting access to wp-login by IP address
Both of the methods are from ‘https://codex.wordpress.org/Brute_Force_Attacks’. As they are approved from WordPress so they are completely reliable.
How to hide the WordPress login page with .htpasswd
In this way, anyone trying to reach your admin entrance will be notified with a prompt titled “Authentication required”.
Using .htaccess is not hard, You have to follow three steps:
Go to ‘https://hostingcanada.org/htpasswd-generator/’ and write your desired username and password.
Click on “Create .htpasswd file”. Your password will be encoded and the tool will show you the text to add to your .htpasswd file.
Save the text to a file named ‘.htpasswd’ and upload it to the root directory of your WordPress site. Save the text in a new notepad or similar thing. Make sure you have saved the file with the ‘All Files’ type.
Add the following code to the top of your existing .htaccess file (is located in the root directory of your SITE).
Remember to replace your Username as used in .htpasswrd file.
How to hide wp-admin login by IP address with .htaccess
Another tool of .htaccess for hiding your WordPress login is restricting through IP address. Only authorized users by you will see your login page and the rest will see ‘403 Forbidden error’.
This is a great way for security if you use WordPress on only one device.
To set the restriction, you are just required to add the following bit of code to the top of your .htaccess file. Also, you can find your .htaccess file in the root directory of your WordPress site.
Must replace “!^123\.123\.123\.123$” with the numbers of your IP address.
How to add multiple IP Addresses in the code
If you have to add more than one IP address, simply duplicate the line containing the IP address and replace the allowed IP addresses. (As in line with //)
That’s all is for the security and restriction that you can do with your WordPress website. If Still, you are not satisfied with the solution then you should give your site to a more secure host.
We hope this article helped you know about the top best ways on how to hide WordPress login page from hackers in 2021? If your answer is yes please don’t forget to share this article on your social media handles for other to learn too.
If you you have any difficulties in doing this please don’t forget to contact us by using the comment box below and we will be glad to help you.
See you soon!