Secure Your Login Page
Rarely is a hacking attempt personal. You might only run a small website for a boating club in your local village, but that doesn’t mean it will be safe from hackers.
Malicious bots sniff around the internet looking for vulnerabilities in websites and don’t discriminate. If they find that there’s a route past your WordPress login page, they’ll be infecting your files before you can say ”malware!”.
There are a few steps you can take to ensure your login page is safe from these kinds of attacks.
Mask Your Login URL
The first is using a plugin such as Defender to hide your login URL.
This makes it substantially harder for bots to carry out brute force attacks – if they can’t find your login page, there’s nowhere for them to try and crack your password.
It’s super easy to activate within Defender. Just choose a new slug for your login URL.
Masking URL slug
Choose the new URL slug where users of your website will now navigate to login or register.
Replace the default wp-login to custom slug below. For security reasons less obvious URLs are recommended as they are harder to guess.
New Login-url: example-login-url
Make sure you keep a secure note of your new URL!bots!
Redirect Traffic
Send visitors and bots who try to visit the default WordPress login URL to a separate URL to avoid 404s.
