Title: Securing WP installation
Last modified: August 19, 2016

---

# Securing WP installation

 *  [eltioska](https://wordpress.org/support/users/eltioska/)
 * (@eltioska)
 * [15 years, 5 months ago](https://wordpress.org/support/topic/securing-wp-installation-1/)
 * Hi,
 * I’ve been reading up on securing my WordPress installation and have a few questions:
 * **First**:
 * I followed a much-recommended idea of changing the database prefix from “wp-”
   to something else.
 * I’m trying to find how to change the name of wp-login.php but cannot find how.
 * So, questions:
 * 1) How can I change the name of wp-login.php so that I can access the admin area
   through “mysite.com/comein” for example (instead of “mysite.com/wp-admin” or “
   mysite.com/wp-login”)
 * 2) Will these (wp-login.php & the database prefix) be affected/changed back to
   standard on a WP update?
 * ——————-
 * **Second:**
 * On [http://digwp.com/2010/07/wordpress-security-lockdown/](http://digwp.com/2010/07/wordpress-security-lockdown/)
   they recommend 5 security plugins, namely:
 * WP File Monitor
    WP Security Scan Ultimate Security Check Secure WrodPress Block
   Bad Queries
 * Question:
    Wouldn’t so many plugins for the same reason (security) conflict between
   each other?
 * ——————-
 * Hope that this question will evolve to help newbies understand a bit more on 
   securing WP installations!
 * cheers
    ska

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Thread Starter [eltioska](https://wordpress.org/support/users/eltioska/)
 * (@eltioska)
 * [15 years, 5 months ago](https://wordpress.org/support/topic/securing-wp-installation-1/#post-1793396)
 * Part of question 2 above answered:
 * > 2) Will these (wp-login.php & the database prefix) be affected/changed back
   > to standard on a WP update?
 * The database prefix is not affected on upgrading (I updated to version 3.0.2 
   today). Maybe this seems obvious to people who know coding & databases inside
   out but for people like me who’re still learning, it is helpful to state the 
   obvious :o)
 *  Moderator [t-p](https://wordpress.org/support/users/t-p/)
 * (@t-p)
 * [15 years, 5 months ago](https://wordpress.org/support/topic/securing-wp-installation-1/#post-1793421)
 * documentation: [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress)
 *  Thread Starter [eltioska](https://wordpress.org/support/users/eltioska/)
 * (@eltioska)
 * [15 years, 5 months ago](https://wordpress.org/support/topic/securing-wp-installation-1/#post-1793425)
 * [@t-p](https://wordpress.org/support/users/t-p/) Thanks, had already read it 
   but read it again to check: there’s no mentions of changing wp-login.php & whether
   it’s affected by an update. But it’s good to have it here in an attempt to make
   this thread more comprehensive 🙂
 *  Moderator [t-p](https://wordpress.org/support/users/t-p/)
 * (@t-p)
 * [15 years, 5 months ago](https://wordpress.org/support/topic/securing-wp-installation-1/#post-1793426)
 * May not be exactly what you have in mind, but it does talk about:
 * [http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin](http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin)
 *  Thread Starter [eltioska](https://wordpress.org/support/users/eltioska/)
 * (@eltioska)
 * [15 years, 5 months ago](https://wordpress.org/support/topic/securing-wp-installation-1/#post-1793427)
 * Yeah. What I’m looking for is actually a way to change the name of the wp-login.
   php file, to make access more obscure & unavailable to automated scripts that
   would look for a wp-login.php file to log in.
 * Password-protecting the wp-admin folder is mentioned, which is a good step, but
   not the one I’m looking at.
 *  Moderator [t-p](https://wordpress.org/support/users/t-p/)
 * (@t-p)
 * [15 years, 5 months ago](https://wordpress.org/support/topic/securing-wp-installation-1/#post-1793428)
 * > What I’m looking for is actually a way to change the name of the wp-login.php
   > file, to make access more obscure & unavailable to automated scripts that would
   > look for a wp-login.php file to log in
 * I don’t know how to do that.
 * Perhaps this not what you want, but here is what many people use – they restrict
   access from only specified IP(s). To do that create .htaccess with the following
   code and place it in your wp-admin folder.
 *     ```
       AuthUserFile /dev/null
       AuthGroupFile /dev/null
       AuthName "Access Control"
       AuthType Basic
       <LIMIT GET>
       order deny,allow
       deny from all
       # whitelist home IP address
       allow from 00.00.00.00
       </LIMIT>
       ```
   

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Securing WP installation’ is closed to new replies.

## Tags

 * [security plugins](https://wordpress.org/support/topic-tag/security-plugins/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 6 replies
 * 2 participants
 * Last reply from: [t-p](https://wordpress.org/support/users/t-p/)
 * Last activity: [15 years, 5 months ago](https://wordpress.org/support/topic/securing-wp-installation-1/#post-1793428)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics