How to find your WordPress login URL (change, lock)

Marc Wag­ner

Sep­tem­ber 5, 2024

2 min read|

Whe­ther you’­re a Word­Press new­bie or an expe­ri­en­ced user, soo­ner or later you’ll be faced with the ques­ti­on: “How do I find my Word­Press log­in URL?” In this post, I’ll show you how to find and chan­ge your log­in URL and how you can secu­re it to pro­tect your Word­Press from attacks.

Where can I find the default login URL?

The default log­in URL in Word­Press is easy to reco­gni­ze. It is nor­mal­ly: 

https://deinedomain.de/wp-admin

or

https://deinedomain.de/wp-login.php

The­se URLs are the same for all Word­Press sites, unless they have been chan­ged manu­al­ly. The wp-admin-URL takes you direct­ly to the backend, while wp-login.php dis­plays a page with user­na­me and pass­word fields.

image

Why change the login URL? #

Becau­se the default log­in URL is so well known, it can be a poten­ti­al tar­get for hacker attacks. Auto­ma­ted bots often try to gain access via this URL. By chan­ging the log­in URL, you can signi­fi­cant­ly increase the secu­ri­ty of your Word­Press site.

How to change the WordPress login URL

To chan­ge the default log­in URL, you can use a plug­in. Here are the steps:

Install the “WPS Hide Log­inplug­in
Go to your Word­Press dash­board, click on “Plug­ins” and search for “WPS Hide Log­in”. Install and acti­va­te the plug­in.

Chan­ge the URL in the plug­in
After instal­la­ti­on, you will find the “WPS Hide Log­in” sec­tion in the “Set­tings”. Here you can defi­ne a user-defi­­ned URL, for exam­p­le: 

https://deinedomain.de/mein-sicherer-login

    Save and test
    Save the chan­ges and test whe­ther the new URL works. The old URL no lon­ger works.

    Login protection by blocking the URL

    In addi­ti­on to chan­ging the log­in URL, you can take various mea­su­res to fur­ther rest­rict access to the log­in page:

    IP-based access control

    You can rest­rict access to the log­in page to cer­tain IP addres­ses. This can be done via the .htaccess file on your ser­ver. Here is an exam­p­le code: 

    <Files wp-login.php>
    Order Deny,Allow
    Deny from all
    Allow from deine.ip.adresse
</Files>

    With this method, only peo­p­le with your IP address can access the log­in page.

    4.2. Zwei-Faktor-Authentifizierung (2FA)

    Ano­ther important secu­ri­ty fea­ture is two-fac­­tor authen­ti­ca­ti­on (2FA). Plug­ins such as “Goog­le Authen­ti­ca­tor” or “Word­fence” offer 2FA, which requi­res an addi­tio­nal code to log in.

    image 1

    Conclusion #

    Fin­ding the Word­Press log­in URL is easy, but it’s equal­ly important to secu­re it. By chan­ging the URL and taking other pro­tec­ti­ve mea­su­res, such as IP-based access con­trol and two-fac­­tor authen­ti­ca­ti­on, you can signi­fi­cant­ly increase the secu­ri­ty of your Word­Press. Remem­ber to per­form regu­lar updates and back­ups to pro­tect your web­site from poten­ti­al thre­ats.

    Have you alre­a­dy taken mea­su­res to pro­tect your log­in page? Share your expe­ri­en­ces in the comm­ents!

    88e86fcb816eff22bc917094df2862d8dd5c0e978b333e6dd5f36f808990c261 96

    Arti­kel von:

    Marc Wag­ner

    Hi Marc here. I’m the foun­der of Forge12 Inter­ac­ti­ve and have been pas­sio­na­te about buil­ding web­sites, online stores, appli­ca­ti­ons and SaaS solu­ti­ons for busi­nesses for over 20 years. Befo­re foun­ding the com­pa­ny, I alre­a­dy work­ed in publicly lis­ted com­pa­nies and acqui­red all kinds of know­ledge. Now I want to pass this know­ledge on to my cus­to­mers.

    Hast du eine Fra­ge? Hin­ter­lass bit­te einen Kom­men­tar