Hiding the login page – iThemes Security

Hiding the login page – iThemes Security
datum-geschreven 1 May 2023

By default, the WordPress login page is found on the “admin” page. That’s with every standard WordPress website worldwide. Every hacker and hackbot knows that … they can easily make attempts to log in through your login page that way.

It’s important to hide the default login page

Why you should hide the login page:

  1. Even if you have a great password that makes logging in “impossible” you will suffer if attempts are made to log in through that well-known login page. This is because mainly scripts use that page to fire thousands of attempts at it. They call it brute force attacks.
    Brute force attacks make your website slower! These are requests that are processed by your website, and behind it by the server, at the expense of loading speed for real visitors.
  2. Not everyone needs to know that your website is made with WordPress right?
    (I know, in the source code you can see it too but not everyone looks there)
  3. It says something about your website, for example I quickly know if a website is well secured or not when I visit the default login page. And hackers know that too.
    And if I find admin as a username there too… sigh! – But that’s something for another article ;)So the key is to make the login page inaccessible to the world!

[press-server]There are websites where the login page gets 5,000 “visitors” every day, spread over 24 hours… the IP addresses change constantly so the server will not block all the attacks. Even if it comes at the cost of server capacity. Hiding the login page is an important step against unwanted “visitors” (bots & scripts)[close-press-server].

iThemes Security has the ability to hide your login page

Ironically, that feature is also kind of hidden! In fact, you won’t encounter it during the default installation.
You can find this setting at Advanced > Hide backend.

There you can move the login page to a page with a unique name.

admin verbergen ithemes security

Remember that new page name well! That way you can always login to your website.

Also keep in mind that the regular login page is inaccessible from now on (until you are logged in), if you keep looking for it anyway the security plug-in may temporarily block your account.
Therefore, please also give the new admin address to administrators who regularly login to your website.

De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Heb je een vraag? Tip of gedachte? Deel die!

Breng me op de hoogte
0 Reacties
Inline Feedbacks
Bekijk alle reacties