{"id":20537,"date":"2023-05-01T14:11:35","date_gmt":"2023-05-01T13:11:35","guid":{"rendered":"https:\/\/wpbeveiligen.nl\/?p=20537"},"modified":"2023-05-01T14:11:35","modified_gmt":"2023-05-01T13:11:35","slug":"hiding-the-login-page-ithemes-security","status":"publish","type":"post","link":"https:\/\/wpbeveiligen.nl\/en\/hiding-the-login-page-ithemes-security\/","title":{"rendered":"Hiding the login page – iThemes Security"},"content":{"rendered":"
By default, the WordPress login page is found on the “admin” page. That’s with every standard WordPress website worldwide. Every hacker and hackbot knows that … they can easily make attempts to log in through your login page that way.<\/strong><\/p>\n Why you should hide the login page:<\/strong><\/p>\n [press-server]There are websites where the login page gets 5,000 “visitors” every day, spread over 24 hours… the IP addresses change constantly so the server will not block all the attacks. Even if it comes at the cost of server capacity. Hiding the login page is an important step against unwanted “visitors” (bots & scripts)[close-press-server].<\/p>\n Ironically, that feature is also kind of hidden! In fact, you won’t encounter it during the default installation. There you can move the login page to a page with a unique name.<\/strong><\/p>\n <\/p>\n Remember that new page name well! That way you can always login to your website.<\/p>\n Also keep in mind that the regular login page is inaccessible from now on (until you are logged in), if you keep looking for it anyway the security plug-in may temporarily block your account. By default, the WordPress login page is found on the “admin” page. That’s with every standard WordPress website worldwide. Every hacker and hackbot knows that … they can easily make attempts to log in through your login page that way. It’s important to hide the default login page Why you should hide the login page: […]<\/p>\n","protected":false},"author":4,"featured_media":18692,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[192,163],"tags":[],"_links":{"self":[{"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/posts\/20537"}],"collection":[{"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/comments?post=20537"}],"version-history":[{"count":0,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/posts\/20537\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/media\/18692"}],"wp:attachment":[{"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/media?parent=20537"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/categories?post=20537"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpbeveiligen.nl\/wp-json\/wp\/v2\/tags?post=20537"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}It’s important to hide the default login page<\/h2>\n
\n
\nBrute force attacks make your website slower!<\/strong> These are requests that are processed by your website, and behind it by the server, at the expense of loading speed for real visitors.<\/li>\n
\n(I know, in the source code you can see it too but not everyone looks there)<\/li>\n
\nAnd if I find admin as a username there too… sigh! – But that’s something for another article ;)So the key is to make the login page inaccessible to the world!<\/li>\n<\/ol>\niThemes Security has the ability to hide your login page<\/h2>\n
\nYou can find this setting at Advanced > Hide backend.<\/p>\n
\nTherefore, please also give the new admin address to administrators who regularly login to your website.<\/p>\n","protected":false},"excerpt":{"rendered":"