Home / Blog / How To / How To Hide Your WordPress Login Page To Make The Site More Secure?

How To Hide Your WordPress Login Page To Make The Site More Secure?

Running a WordPress website can sound like running a platform for envious logging attempts. As WordPress is a big platform of customization, it is typically vulnerable to different forms of attacks, including brute-force attacks, SQL injections, and unauthorized logins.

Don’t worry. There are several ways to increase the protection of your website. Hiding your URL on your login page is one of the powerful security strategies that can help keep hackers out. This means people are less likely to gain access to your site unless you want them to.

Well, in this tutorial, we will go through the ways to hide your WordPress login page in order to protect your site from hackers and malicious bots.

So, Let’s begin!

Why Should You Hide Your Site Login Page?

Whether your website is big or small, if you allow users to log in to your site, your intention will be to easily find your login page so that your users can quickly access it. From this perspective, This strategy won’t succeed for you. In this circumstance, you have to do other things to protect your website from fraudulent attempts at signing in.

On the other hand, suppose your site is not a membership site. It means login attempts for your site are limited to fewer user roles (such as admins, authors, editors, and contributors). In this situation, you need to hide the login page to minimize the number of unauthorized login attempts.

Now, let’s find out how to do that.

Methods of Hiding Your WordPress Login Page To Prevent Envious Login Attempts

There are three methods you can use to hide your WordPress login page with the help of a plugin or without a plugin or using the .htaccess file from your WordPress directory. You can choose any one of them that you want.

Shortly, The three ways of hiding your WordPress login page are –

1. Using a plugin to hide your login page
2. Hide the login page Manually
3. By modifying your .htaccess file from your WordPress directory

Method 1: Hide Your WordPress Login Page Using a plugin

The easiest solution to hide the login page is to use a plugin. There are lots of free plugins you will get to secure your website. From them, we will recommend you use the WPS Hide Login as it does not change the core files of your website.  Moreover, it is a lightweight plugin that gives regular updates from the developer.

Now, to hide the login page first, you will need to download the plugin from the official WordPress plugin repository. OR, you can download this plugin from your WordPress dashboard. To do this, you need to log in to your website and then search for the plugin by its name from the plugin library. Next, you have to install and activate the plugin on your site.

Now, after activating the plugin go to Settings → WPS Hide Login in your dashboard.

Next, you need to scroll down to the bottom of the page where you will find a new section named “WPS Hide login“. Here, you will find a box labeled Login URL. On it, you can create a new Url for your login page by writing something random combination of letters and numbers. You have to remember to use something that is not easy to guess. 

Once you change your login URL, then click on the Save button to save the changes you have done.

Method 2: Hide the WordPress Login page With Manually

With this method, you will hide your login page without using any plugins. 

For this, we will advise you to backup your whole site as you need to edit your core files in this method.

Now, first, access your WordPress Installation file through Cpanel such as FileZilla or hPanel. Then search the wp-login.php file from your directory file.

Next, open the file and copy all the code to your clipboard. Then, create a new .php file and paste the code that you copied. Now save the new file with a new name.

After saving it, now you need to open this file again and search for every instance of “wp-login.php” in the file and replace it with your new file name. To find and replace you can press ctrl+h from your keyboard.

Now the last step of this method is to upload the new login file to your server. To do it, you need to log in to your server again and upload the new file to your server. Then delete the original file(wp-login.php) from your server. 

Now, you can check your new login URL from your browser. It means those who are visiting your site with your old login Url will face an error.

    

Method 3: Hide WordPress Login Page Using .htaccess

Instead of the above two methods, you can also hide your WordPress login page by using your site’s .htaccess file. It’s a way to generate a pop-up whenever anyone wants to sign in to your WordPress website. During the login attempt, the pop-up will see in your browser every time.

If you are a non-technical person, it is a little bit hard to apply this method to hide your login page.

In this method, first, you need to go to Htpasswd Generator and put your username and password in the Username and password box. Here you can put any name and password you want to use. Next, you need to click the Create .htpasswd file button to create the .htpasswd entry. Once you click on it, it will encode the password automatically and send you the text to add to the.htpasswd file.

Now, create a new file named as.htpasswd and put the encoded text on it. After that, save it by choosing the All files option. In this step, you make sure that you have to upload it to the root directory of your WordPress site.

After that, open your .htaccess file from your WordPress directory and add the following code to the top of the file.

# Stop Apache from serving .ht* files
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
# Protect wp-login
<Files wp-login.php>
AuthUserFile ~/.htpasswd
AuthName "Private access"
AuthType Basic
require user yourusername
</Files>

Here in the code, the username will be replaced by the desired username that you used in the .htpasswd file.  

That’s all. Now users will get a pop-up every time whenever they will want to log in to your website. So, to login into your website, they need to put the correct pop-up login information as well as the login information for the WordPress website.

Using WordPress Download Manager Pro:

When you’re using WordPress Download Manager Pro, you can create a custom login page using WordPress Download Manager Shortcode and override the default login page using the custom page you just created. To protect it from any bot attack, you also can enable reCaptcha on the login page. Additionally, you also can use the Modal Login Form option with WordPress Download Manager Pro for a better user experience.

Conclusion

In short, there are many ways you can take to save your website from being hacked. Hiding your login page can be one of the easiest ways to keep your website protected. In addition, it can also add an additional layer of security.

Hopefully, this tutorial will help you to implement the methods of hiding the login page of your website. To learn more about the ways of WordPress security, you may check our WordPress Tips and How-To’s to know more about WordPress.

If this article helps you, then please subscribe to our YouTube channel to get more tutorials related to WordPress. You may join our Facebook page to update yourself with more tips, solutions, offers, and so on.

You may also ask any questions related to it in the comment or want us to write on some specific topics you have in your mind. We appreciate your further comments, support or suggestions!