Why Your Website Is Vulnerable If Others Know A Login
You should enter a login and a password to access any WordPress website. You know that the access code should be kept safer than a login. It’s a wrong mindset. If a hacker knows the admin login, he can guess the password and hack the website easier. And it’s not hard to find out what the admin login is if a webmaster didn’t take security measures. Today we will tell you the basics about the WordPress login, security vulnerabilities, and how to hide WordPress login and prevent your website from external attacks.
Can Other People See My Login?
Open any browser, enter the WordPress website URL and add the following phrase ?author=1
It should look like this:
site_name.com is your website name, “1” indicates to the first registered user. Usually, it’s the administrator. If you fill in another number and press Enter you can find other users’ logins.
In result, you’ll see the URL with the administrator login. In our case, it’s “user1983”
Fixing The Vulnerability
If you’ve discovered that anyone can see your login (and most likely the can!) it’s time to take actions. We will show you two ways of fixing this vulnerability. In result, the WordPress website security will increase significantly.
How To Hide WordPress Login Using Clearfy
You can use Clearfy and hide your WordPress login in no time. Download, install and activate the plugin. Go to Settings => Clearfy menu.
Go through settings and find Security. Search for Hide author login option. Press ON to activate the feature. Save the changes.
Check the results. Enter the following URL to the browser: http://site_name.com/?author=1. You should be redirected to the main page, and the author login is no longer displayed. The address now looks this way: http://site_name.com.
How To Hide WordPress Login Using The Code
Another option is to hide WordPress login using the code. Open the .htaccess file and add the following code on the bottom of the file:
RedirectMatch Permanent ^/author/login-admin https://site_name.com
Note: enter your actual login instead of “login-admin”. Re-check the result.
We’ve offered you two solutions to hide WordPress login: with the Clearfy plugin or code snippets in .htaccess. It’s up to you, which option you choose. However, consider all the pros and cons of each solution. With Clearfy you may not see the result immediately. This happens if the page hasn’t been cached. However, it’s a fast and safe solution. Changing the code is risky; any errors in .htaccess can seriously damage your website. But you will definitely improve your coding skills. If you are interested in the website security, make sure to read How To Hide Authorization Errors.