How to Hide Your WordPress Login Page From Hackers and Brute Force

Clearfy, Documentation, Security / By Alexander Kovalev / clearfy, hide my wp, security, wp-login / 4 minutes of reading

The WordPress login page is one of the most vulnerable parts of a website, and hackers know it well. That’s why you, as a website owner, should provide 100% protection of the login page. There are dozens of solutions on the internet, differing in complexity and implementation time. In this article, we will teach you how to protect the WordPress login page using plugins.

Table of Contents

  • Why Do We Need to Protect the WordPress Login Page
    • Why Do They Want to Hack Your Website?
    • How to Protect the WordPress Login Page with Clearfy
      • Protecting the wp-admin Folder
      • Protecting wp-login.php URL
      • Changing the Access Error Type
    • Protect the WordPress Login Page with Hide Login Page
  • Conclusion

Why Do We Need to Protect the WordPress Login Page

You can access the login page using one of the following methods:

  1. enter wp-login.php in the browser address bar;
  2. follow the wp-admin link.

If you haven’t signed in, you’ll see the authorization form.

[Image: Authorization form]

The problem is that everyone knows these addresses (links), including hackers. Hackers create special bots that try to bypass the website's security, identify the website’s CMS, and brute-force the login and password on the wp-login and wp-admin pages.

Why Do They Want to Hack Your Website?

After accessing the login page, robots try to find a valid combination of login and password: they set the Remember me flag, press the Sign in button, and start cycling through passwords.

Now imagine the total load on your website produced by every attempt that presses the Sign in button! Regular users may have trouble accessing the website because of robots attempting to find a valid match. This scheme is called a brute-force attack.

The easiest way of protecting the website from brute-force attacks is to create a unique address of the login page, which means replacing wp-login or wp-admin with other URLs. One more thing: when accessing standard login pages the 404 error should be displayed. In this case, the bot sees the error and simply leaves the website. Super simple and effective!

How to Protect the WordPress Login Page with Clearfy

To protect the website, we are going to use one of our free plugins. The first one is Clearfy, which has a built-in feature for protecting the WordPress login page. This plugin has many other useful features, including website security, optimization (with SEO), and speed improvement.

Protecting the wp-admin Folder

After you download Clearfy and install it on the website, you’ll see the Clearfy menu. Open it, go to the security tab, and find Protect your admin login.

Enable Hide wp-admin if you want to forbid access to the login page. Don’t forget to save the changes.

[Image: Disable wp-admin access]

Now each time you open the wp-admin page you’ll get a 404 error message – the page doesn’t seem to exist.

[Image: 404 access error]

Protecting wp-login.php URL

To block access to wp-login.php, you should just activate the feature named Hide Login Page. But first, make sure to set up a new address of the login page. The plugin won’t let you hide the login page without defining a new one first due to its internal protection algorithm. Even if you enable the option and leave the field blank, your login page will still be accessible via wp-login.php:

[Image: Clearfy internal security algorithm]

This feature works only after you set up the new address.

Let’s set up the new address and see how it works. Suppose you’ve already entered the new address and saved the settings. The login page URL is now the following:

[Image: Clearfy change wp-login.php URL]

IMPORTANT: Keep this new address and the recovery link somewhere safe!

Once you change the login page, you’ll get a confirmation e-mail from Clearfy with your new login URL and the alternative recovery link.

[Image: Clearfy email with recovery links]

Now let’s check how it works.

  1. Enter wp-admin and try to log in. You’ll see a 404 error.
  2. Copy the new login link and paste it into the address bar.
  3. Now you see the login page. Everything works great.

Changing the Access Error Type

Once you activate Hide login page, you will see the 404 not found access error by default. However, you can change the type of the access error. Let’s set Access error type to Redirect to and fill in a custom URL:

[Image: Clearfy access error redirect to another link]

After saving the settings, each attempt to access wp-admin or wp-login.php will redirect the bot or the user to the custom URL.

You can also replace the 404 error with 403 Forbidden. Each time someone tries to access wp-admin or wp-login.php, they will see something like this:

[Image: 403 access denied error]

It looks like the website either doesn’t work or the login page doesn’t exist. At the same time, you know that your website does work, but only for you.
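A check of the behaviour described in the sections above, as an added example (not Clearfy's own code): it requests the default paths without following redirects and reports any that still serve the login form or redirect to it. The base URL, the `my-entry` login path and the sample responses are constructed, and `audit_login_hiding` is a hypothetical helper name.

```python
import urllib.error
import urllib.request

DEFAULT_PATHS = ("wp-login.php", "wp-admin/")  # the two entry points named in the article


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface 3xx responses so the Location header can be inspected


def http_fetch(url, timeout=10):
    """Return (status, Location header, body) without following redirects."""
    try:
        with urllib.request.build_opener(NoRedirect).open(url, timeout=timeout) as resp:
            return resp.status, "", resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location", ""), err.read().decode("utf-8", "replace")


def audit_login_hiding(base_url, new_login_path, fetch=http_fetch):
    """Return a list of findings; an empty list means the site behaves as described."""
    base = base_url.rstrip("/") + "/"
    slug = new_login_path.strip("/").lower()
    findings = []
    for path in DEFAULT_PATHS:
        status, location, body = fetch(base + path)
        if status in (403, 404):
            continue  # default path is hidden
        if 300 <= status < 400:
            # "Redirect to" mode: the target must not give away where the login form lives.
            if slug in location.lower() or "wp-login.php" in location.lower():
                findings.append(f"{path}: redirect reveals the login URL ({location})")
        elif "loginform" in body:  # id of the stock WordPress login <form>
            findings.append(f"{path}: login form still served (HTTP {status})")
        else:
            findings.append(f"{path}: unexpected HTTP {status}")
    status, _, body = fetch(base + new_login_path.lstrip("/"))
    if status != 200 or "loginform" not in body:
        findings.append(f"{slug}: new login URL does not serve the login form (HTTP {status})")
    return findings


# Constructed responses for a hypothetical site where only wp-login.php was hidden.
SAMPLE_SITE = {
    "https://example.test/wp-login.php": (404, "", "Not Found"),
    "https://example.test/wp-admin/": (302, "https://example.test/my-entry", ""),
    "https://example.test/my-entry": (200, "", '<form name="loginform" id="loginform">'),
}
```

Against a live site, call `audit_login_hiding("https://your-site.example", "your-login-path")` with the default `fetch`; the sample dictionary is only for running the check offline.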

Protect the WordPress Login Page with Hide Login Page

Our second plugin is much smaller than Clearfy. However, if you don’t need a fully-featured plugin, and your only goal is to protect the WordPress login page, then consider choosing Hide Login Page.

[Image: Protect the WordPress login page with Hide Login Page]

It has only one function and the features are similar to Clearfy’s.

Conclusion

In this article, we’ve discussed why it is so important to protect the WordPress login page and showed you how our plugins Clearfy and Hide Login Page work.

Keep in mind that timely and reliable protection of your website saves you a lot of time and money.
Good luck!
