WordPress.org

Ready to get started?Download WordPress

Forums

Is it worth changing the login URL to foil brute force hackers? (4 posts)

  1. TWD
    Member
    Posted 2 years ago #

    I've already done most of the things recommended to protect a blog.

    Deleted the 'admin' account - check
    Installed 'Limit Login Attempts' plugin - check
    Create a strong password for the superuser account - check

    I am wondering whether its worth changing the login URL to
    something obscure like http://www.mydomain.com/tceruwq.php (for example) to
    through hackers off the scent.

    I read a comment that it helps security a bit, but not MUCH.
    Why is that? Are there ways and means of finding out your new login URL regardless?

  2. wpismypuppet
    Member
    Posted 2 years ago #

    In my opinion... it's better to write an .htaccess to restrict access to the admin section by IP address only. Place it in the wp-admin folder... something like:

    #Deny access to wp-admin folder
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    #IP addresses allowed to view wp-admin folder
    allow from 000.000.000.000

    Only the person with an IP address of 000.000.000.000 can access the login area! Even if they were able to bypass your login page and attempt to access a file within the wp-admin folde, they'd be blocked.

  3. Security through obscurity is never very secure.

    @wpismypuppet: and even if you're on DSL, your IP will change from time to time.

    @TWD: See How to Hide The Fact That You’re Using WordPress | Ben Word for some ideas.

  4. wpismypuppet
    Member
    Posted 2 years ago #

    I agree, but if you are that concerned about hackers, you'll keep up on your IP address and change your .htaccess file as needed. You'd still have access to your site through FTP, so it shouldn't be an issue. Brute force hackers generally use bots to execute their attacks... those same bots will find the login page, even with obscurity in place.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags