Support » Plugin: Wordfence Security - Firewall & Malware Scan » Does Wordfence have a feature to hide the wp-login.php page?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @wesleyj

    Our CEO explains in the video below why you should not and why you do not need to change the default login URL for WordPress as Wordfence provides a full and complete brute force login attack prevention solution.

    https://www.wordfence.com/blog/2017/10/should-you-hide-wordpress-login-page/

    Please see our plugin instructions below:

    https://www.wordfence.com/help/firewall/brute-force/

    https://www.wordfence.com/help/tools/two-factor-authentication/

    https://www.wordfence.com/help/login-security/

    dogwomble

    (@dogwomble)

    To explain it slightly differently (in case that video becomes TL;DR) – this “security through obscurity” is akin to locking your front door and then hiding the key under the door mat in the hopes nobody will find it.

    In other words it might slow down an attacker for a moment, but won’t do a lot else to stop them. This makes it a very unreliable security strategy, and you should not rely on it alone to provide any sort of meaningful security.

    If you take the steps to properly secure your login page (eg by 2FA, enforcing strong passwords, adding protection against brute force attacks) it would already be hard enough for someone to break in that hiding your login page is not going to really add any further value. If you’re not confident enough in your security strategy that you think this technique will fix it for you, the better option would be to go revisit your security strategy and make sure you’re doing it properly.

    • This reply was modified 1 year ago by dogwomble.
    • This reply was modified 1 year ago by dogwomble.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Does Wordfence have a feature to hide the wp-login.php page?’ is closed to new replies.