Support » Fixing WordPress » Is it worth changing the login URL to foil brute force hackers?

  • I’ve already done most of the things recommended to protect a blog.

    Deleted the ‘admin’ account – check
    Installed ‘Limit Login Attempts’ plugin – check
    Create a strong password for the superuser account – check

    I am wondering whether its worth changing the login URL to
    something obscure like (for example) to
    through hackers off the scent.

    I read a comment that it helps security a bit, but not MUCH.
    Why is that? Are there ways and means of finding out your new login URL regardless?

Viewing 3 replies - 1 through 3 (of 3 total)
  • wpismypuppet


    In my opinion… it’s better to write an .htaccess to restrict access to the admin section by IP address only. Place it in the wp-admin folder… something like:

    #Deny access to wp-admin folder
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    #IP addresses allowed to view wp-admin folder
    allow from

    Only the person with an IP address of can access the login area! Even if they were able to bypass your login page and attempt to access a file within the wp-admin folde, they’d be blocked.

    Moderator Mark Ratledge


    Forum Moderator

    Security through obscurity is never very secure.

    @wpismypuppet: and even if you’re on DSL, your IP will change from time to time.

    @twd: See How to Hide The Fact That You’re Using WordPress | Ben Word for some ideas.



    I agree, but if you are that concerned about hackers, you’ll keep up on your IP address and change your .htaccess file as needed. You’d still have access to your site through FTP, so it shouldn’t be an issue. Brute force hackers generally use bots to execute their attacks… those same bots will find the login page, even with obscurity in place.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Is it worth changing the login URL to foil brute force hackers?’ is closed to new replies.