Changing the login URL is an easy thing to do. By default, the WordPress login page can be reached simply by adding wp-admin to the site’s main URL.
When hackers know the direct URL of your login page, they can try to brute force their way in. They attempt to log in with their GWDb (Guess Work Database, i.e. a database of guessed usernames and passwords; e.g. username: admin and password: p@ssword … with millions of such combinations).
At this point, we have already restricted the user login attempts and swapped usernames for email IDs. Now we can replace the login URL and get rid of 99% of direct brute force attacks.
This little trick restricts an unauthorized entity from accessing the login page. Only someone with the exact URL can do it. Again, the iThemes Security plugin can help you change your login URLs. Like so:
wp-login.php to something unique; e.g.
/wp-admin/ to something unique; e.g.
/wp-login.php?action=register to something unique; e.g.
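To check from the server side whether the rename has taken effect, the following added example (not part of the original article or of the iThemes Security plugin) scans web-server access log lines for requests to the three default entry points listed above. It assumes Combined Log Format and that a renamed default path answers with a 4xx status; the function names, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format: ip, two ids, [time], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_default_login(target):
    """True for the default entry points the article says to rename."""
    path = urlsplit(target).path.lower()
    if path.endswith("/admin-ajax.php"):  # front-end AJAX, not a login page
        return False
    return path in ("/wp-login.php", "/wp-admin") or path.startswith("/wp-admin/")

def audit(lines, threshold=3):
    """Report IPs hammering the default login and default paths still live."""
    posts = Counter()   # login POSTs per client IP
    exposed = set()     # default paths that still answer 2xx/3xx
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_default_login(m["target"]):
            continue
        if int(m["status"]) < 400:  # assumption: renamed paths answer 4xx
            exposed.add(urlsplit(m["target"]).path)
        if m["method"] == "POST":
            posts[m["ip"]] += 1
    noisy = sorted(ip for ip, n in posts.items() if n >= threshold)
    return {"noisy_ips": noisy, "still_exposed": sorted(exposed)}

def sample_line(ip, method, target, status):
    """Build one constructed log line (hypothetical helper for the demo)."""
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] '
            f'"{method} {target} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample traffic (documentation IP ranges), not real logs.
SAMPLE = [sample_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 3 + [
    sample_line("198.51.100.4", "GET", "/wp-admin/", 302),
    sample_line("198.51.100.4", "GET", "/wp-admin/admin-ajax.php", 200),
    sample_line("192.0.2.9", "POST", "/wp-login.php?action=register", 404),
    sample_line("198.51.100.4", "GET", "/index.php", 200),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty still_exposed list after the change means none of the default paths in the log answered with a success or redirect status; noisy_ips keeps showing who is still guessing at the old URL.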