In this article, we will explain how to protect your WP Admin area. This is essential to maintain site security.
Bots are constantly trying to guess your password by repeatedly hitting your WP Admin area with different credentials, which can slow down your website.
We are constantly monitoring activity on your URL for bot attacks. If you are using WordPress as an online classroom, for example, then repeated attacks might make your website temporarily inaccessible for your users, which is not something anybody wants to happen! This is in line with a new Brute Force security feature we have implemented, in which a site will be temporarily locked if logins fail in rapid succession.
To help prevent such attacks, we will install a small plugin in just three short steps. This will help prevent bots from guessing your credentials and will ensure your users can continue to work without issues.
First, you must to go to the Plugins (1) menu of your WordPress website (in the WP Admin area). Under the Plugin tab, select Add New (2) and search for ‘WPS Hide Login’ (3). Once the WPS Hide Login plugin has appeared, click Install and then Activate (4), as shown in the screenshot below;
Once the installation is complete, you will most likely be redirected to the plugins list where you can see that the plugin has activated successfully.
Next, we must go to Settings (1) → General (2), and at the bottom of this page, you will see the WPS Hide Login section. In the Login URL field (3), enter your own custom URL to use as your new login page, as shown in the screenshot below;
If everything goes well, you should get a successful message at the top telling you to bookmark your new URL. It’s a good idea to do that!
Now we should test to see if everything went well. In our case, we have changed /wp-admin/ to /protected/. In the following screenshot, you’ll see that we are successfully accessing the WP Login page via /protected/ instead of the standard /wp-admin/ which from now on will show a 403 Forbidden Error or a “This has been disabled” message;
That's it! These steps will ensure that your WP Admin area is kept secure. If you would like to know more about how to keep your site safe, you can find other articles under the Security section of our Knowledgebase.
Keep in mind that this is only one recommendation to strengthen the security of your website.
If you have any issues, please raise a support ticket here:
and we'll get back to you asap!