Since WordPress is an open-source web application, It is designed to be user-friendly and easy to use.
So there may be a variety of security weaknesses. However, these weaknesses are normal, and depending on the type of each website the security risk may also differ.
In this article, we want to introduce the WordPress admin login URL and give you a few tips on how to keep it secure.
In our previous article, we introduced the best WordPress security plugins.
Additionally, you can learn how you can customize your WordPress login page and discover which plugins are required for your website.
WordPress admin login URL
The very first thing the administrator of a WordPress website needs to know is how to login to the WordPress admin. By default the WordPress admin login URL looks like this:
But before you can view wp-admin you will be directed to wp-login.php to enter your security credentials. You can also simply type in “example.com/admin” or “example.com/login”
What if WordPress is installed in a subdomain or a subdirectory
If your WordPress website is on either subdomain or sub-directory, you must still follow the same path. For example, if we have a subdirectory called betterstudio in example.com domain, to enter its admin page we must type the following:
Or if you wish to enter the login page you will have to use either wp-login.php or log in.
The subdomain is much the same. a subdomain is technically another website. Therefore, you need to use the login URL connected to the subdomain for example:
Two ways to increase the security of your WordPress dashboard
WordPress admin URL is always accessible to people who have worked with WordPress. By typing wp-admin, anybody can arrive at the door of your Admin Panel.
Here are two ways to secure the WordPress admin panel. One to hide where it is and the other to fortify it against brute force.
1. Change WordPress admin login URL
One easy way that hackers use is simply trying out different usernames and passwords in your login page in order to gain access to your dashboard.
One big issue that WordPress has is you can simply find the admin's usernames through blog archives.
Therefore hackers can simply search through your old posts and find your admin username and enter wp-admin and try out different passwords until they guess the right one.
One way to avoid that is to simply hide your WordPress admin login URL from the public.
To increase your website’s security you must create a new URL for your admin page, a page that you will only know and remember. This way hackers will have a hard time finding it.
There are many plugins that you can use which will hide or change your wp-login or wp-admin page. One is the WPS Hide Login. You can easily search and download that in a plugin vault and change the admin page.
But we recommend the All in One WP Security & Firewall plugin. Not only this plugin will hide/change your login page but it also adds extra layers of security such as restricting the number of incorrect passwords, banning a username, covering IP addresses, and firewalls. Also, using the plugin is very easy.
All In One WP Security also scans your website and gives you feedback on your website’s security, and it will suggest ways to increase security if needed.
2. Add reCaptcha to the WordPress admin login
WordPress admin login page is notoriously subjected to brute force attacks.
In such attacks, a robot will test thousand and millions of passwords up until it can get the right one and enter your admin panel.
One of the best ways to stop these robots is to use reCaptcha. Google reCaptcha is a test, devised in a way that only humans can answer it.
Although sometimes solving a reCaptcha can even be difficult for humans. What Invisible reCAPTCHA does is to look at the way a user behaves and only show the reCapthca when it suspects a robot is visiting the site.
To use this you need to install the Invisible reCAPTCHA plugin. Then you need to set up your reCaptcha in Google and choose where to show it on your site.
We have explained the complete installation and setup of Invisible reCAPTCHA in our other article.
Finally, don't worry too much. There are bumps on the road for everyone but WordPress is generally one of the most secure site-building platforms out there.
By using the tools above, you are good for most of the usual attacks. Also, remember don't share your important details with too many people and don't give admin permission to people who don't need it.