By default, your WordPress login slug will be: /wp-admin
This can be handy if you ever forget it, or work between several sites … but it does mean that anybody who also knows this (hackers included!) can easily access your login page.
While it’s not like you’ve giving away your password, several security experts revealed this does make your site more prone to brute force attacks (WPWhiteSecurity 2022).
So, should I change my login URL?
If you’re running a website or are the admin, I’m sure you’ve gotten one of those alerts saying somebody has tried to login to your site, or that you’ve perhaps had a site lockout for security reasons.
They can be pretty scary if you don’t have a cyber security team to help, or if you don’t have knowledge on how to fix this.
A common type of attack is called ‘brute force’, which often comes through the ‘/wp-admin’ login page.
What does it do by changing it?
By changing your login URL, you’re just adding one more step of difficulty that attacks have to get through to breach your website.
By having a custom login page (and you can make it anything you like!) you’re also ensuring anybody who knows the default ‘wp-admin’ URL can’t easily see your login page either.
It’s a relatively easy thing to do and does make a difference. So I agree with the security experts and highly recommend it!
What else can I do to secure my site?
We should all actively try to reduce the risk of cyber threats.
Here are a few simple things you can do to make it harder for hackers.
- Set up 2FA for all users
- Have custom usernames, and don’t use ‘admin’ or ‘administrator’
- Ensure you have a secure, long password with a mixture of numbers, lower and uppercase letters and special characters
- Engage a cyber security provider (especially if you have an eCommerce site!)
So, thinking of changing your URL?
Get in contact with your web developer, or if you’re managing your own site there are plugins to do this for you! Too much? What a surprise, we can also help you. Get in contact here.