Skip to content
Creative Motion Development
  • About
  • Plugins​
    • Last changes
    • Clearfy
      • Pricing
    • Robin
      • Pricing
    • Woody
      • Pricing
    • Titan Anti-Spam & Security
      • Pricing
    • Auto Featured Image
      • Features
      • Instruction
      • Pricing
    • Social slider
      • Feature
      • Social Slider Widget pricing
      • Demo
    • More Plugins
  • Support
  • Contacts

How to Hide Your WordPress Login Page From Hackers and Brute Force

WordPress login page is one of the most vulnerable website part. Of course, hackers perfectly know about it. That’s why your main priority, as a website owner is 100% login page protection.

There are dozens of solutions over the internet – different by complexity and implementation time. In this article, we will discuss the protection of your login page using plugins.

Why do we need to protect WordPress login page?

You can access login page using one of the following options:

  1. By enter wp-login.php to the browser address bar;
  2. By following the wp-admin link.

In case you haven’t signed up, you’ll see authorization form.

The problem is that everyone (including hackers) know these addresses (links). Hackers create special bots trying to bypass website security, determine website’s CMS and to brute-force the login and password on wp-login and wp-admin pages.

Why are they want to hack into your site?

After accessing authorization page robots try to find the valid match of login and password – they check “Remember me” flag, “Sign in” button and start collating the passwords.

Now imagine the total load on your website during each of this collating attempt and pressing the “Sign in” button!  Regular users may have trouble accessing the website. It is caused by robots attempting to find the valid match. This scheme is called “brute-force attack”.

The easiest way of protecting the website from brute-force attacks is to create a unique address of login page, which means using some other URL instead of wp-login or wp-admin. One more important thing: when accessing standard login pages “404 error” should be displayed. In this case, bot seeing the error simply leaves the website. Very smart and simple method!

How to protect WordPress login page using the Clearfy plugin

For the protection purposes, we are going to use one of our free plugins. First of them is Clearfy with embedded feature of protecting WordPress login page. There are also many useful functions in the plugin designed for website protection, optimization (including SEO) and speed improvement.

Protecting wp-admin folder

After you download the free Clearfy plugin, set it on the WordPress settings menu, you’ll see “Clearfy menu”. Then go to the “Defense” section, scroll down and search for the following phrase: “Protect your admin login”.

To disable access to the login page using wp-admin you can simply enable “Hide wp-admin” option and save settings.

Disable wp-admin access

Now each time you open wp-admin page you’ll get “404 error” message – the page doesn’t exist.

Protecting wp-login.php URL

To block wp-login.php access, you should just to turn “Hide Login Page” on. However, you should define a new address of login page before hiding the existing one. If you’ll try to hide authorization page without defining new address, the plugin won’t let you do that due to its special inner protection algorithm. Even if you enable the option and leave the field blank, your login page will still be accessible via wp-login.php:

Clearfy inner link security algorithm

Only when you define the new address, this feature will work.

Let’s define the new address and see how it works. For example, you’ve already entered the new address and saved the settings. We see that now the address of the login page is the following:

Clearfy change wp-login.php url

IMPORTANT: You should keep this new address and recovery link somewhere safe!

After changing login page, you’ll receive an e-mail from Clearfy plugin with the link to your new login address and the alternative recovery link.

Clearfy email with links backup

Now let’s check how it works.

  1. Enter wp-admin and try to log in. You’ll get “404 error”;
  2. Copy the new login link and paste to the address bar;
  3. You’ll see authorization page. Everything works perfectly.

Changing access error type

By default the access error after activating the aforementioned options is “404 not found” but you can change it. Let’s set the “Access error type” to “Redirect to” and write some custom URL:

Clearfy access error redirect to another link

After saving settings, every attempt to access to wp-admin or wp-login.php will redirect bot or user to custom URL.

You can also set the “Forbidden 403” error instead off 404. Attempting to access to wp-admin or wp-login.php, user or bot will get something like:

WordPress login security with 403 access denied

It imitates that the website is not available, or authorization page doesn’t exist. However, you do know that the access to the website exists but only for you.

Protection of login page using WordPress Hide Login Page plugin

Our second plugin is much smaller than Clearfy. However, if you don’t need a fully-featured plugin, and protection of login page is your only goal, then you can easily install our small plugin named Hide Login Page

Hide Login Page plugin for WordPress

It has only one login page protection function and the same options as in Clearfy.

Conclusion

In this article, we’ve told why it’s important to protect WordPress login page and have shown you how to use our plugins for this. You can choose Clearfy or Hide My Login plugin in your case.

Always keep in mind that timely and reliable protection of your website save you a lot of time and money.
Cheers!

Post navigation

← Previous Post
Next Post →
Copyright © 2023 Creative Motion Development
Scroll to Top