Definitive answer to: hide wp-login or not?!

  • Resolved chrishechler

    (@chrishechler)


    1 year, 11 months ago

    Hi, sorry to ask this question again, I am sure you have been asked this one many times over the years and I ask it only to finally get a clear answer as I get more and more confused by all the different “professional” opinions:

    Should I hide the wp-admin login yes or no?

    On most Youtube channels and even doing a Google search I always read ” Do not keep the wp-admin login, hide it or change it”.

    Now, I have seen a few of Wordfence Youtube videos where Wordfence says we should not hide it (even Wordfences CEO published a video on this topic).

    So why do I ask again you might think?

    Just to get a clear and definitive answer as to why I should not hide wp-admin login. I mean great hackers will always find a way in and somewhat good hackers might find the login page even after a while (even if I hide it).

    But if I leave it out in the open then do I not increase the risk of getting targeted?

    Isnt the point of hiding just to deter or to decrease the risk of the wp-admin login getting found?

Viewing 2 replies - 1 through 2 (of 2 total)
  • generosus

    (@generosus)

    1 year, 11 months ago

    Hey @chrishechler,

    Use whatever works best for you. We hide ours (i.e., use a custom login URL) and it works flawlessly.

    Some will say: “Well, hiding your wp-admin login URL is like placing your front-door key under your doormat.” Well, we got news for them. We don’t place our front-door key under our doormat.

    Keep in mind that hiding your wp-admin login URL is simply a deterrent, not a fool-proof mechanism to ward off bots and bad actors.

    So, in short, there is no harm in exposing or hiding it. But remember this: Bots and bad actors will search first for your wp-admin login URL before they spend time trying to identify and use your custom login URL.

    Best wishes!

    Plugin Support wfmargaret

    (@wfmargaret)

    1 year, 11 months ago

    Hi @pierre59130,

    We generally recommend against hiding your login URL as, like @generosus explained, it just slows down an attacker rather than stops them entirely.  Some users are able to use an altered login URL and swear by it, however we have seen some cases in the past where this can lead to compatibility issues.

    I hope this helps!

    Margaret

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Definitive answer to: hide wp-login or not?!’ is closed to new replies.

Tags