Ubah WordPress admin URL dengan HC Custom WP-Admin URL
These days it’s common for brute force attacks against the WordPress admin dashboard. Partly because WordPress uses /wp-admin and wp-login.php to handle admin logins by default.
Using the HC Custom WP-Admin URL plugin you can very easily hide these default WordPress admin login URLs, and instead create a custom address that only you will know about.
If you think your WordPress site is under attack you can always review WordPress login attempts, and if you see any malicious attempts you can block unwanted users with .htaccess to prevent further access.
Install and setup HC Custom WP-Admin URL plugin
The HC Custom WP-Admin URL plugin works by simply adding a rule to your WordPress .htaccess file to redirect requests using the custom URL you’ve configured.
Following the steps below you should have the plugin configured to provide extra security for your WordPress site in just a few minutes.
- Login to WordPress admin dashboard.
- Hover over Plugins, then click on Add New
- Fill out HC Custom WP-Admin and click Search Plugins
- Click on Install Now beside HC Custom WP-Admin URL
- Click OK on the plugin install confirmation pop-up
- After the plugin installs, click on Activate Plugin
- Hover over Settings and click on Permalinks
- The HC Custom WP-Admin URL plugin adds a WP-Admin slug setting to the bottom of your Permalinks page.
Fill in the URL you’d like to change your WordPress login pages to. I’ve simply used secret and then clicked on Save Changes.
The WP-Admin URL slug is convered to all lowercase as pointed out in the comment below.
- At the top-right, hover over Howdy, User and click on Log Out
- Now if you try to access your WordPress admin dashboard with the default /wp-admin or wp-login.php URLs, you’ll simply see your WordPress front page instead of the dashboard.
- If we instead use the new WP-ADMIN slug that we setup of secret we are then presented with the normal WordPress admin login form.
- After you login using the WP-ADMIN slug that you setup, you’ll be presented with your normal WordPress admin dashboard again.
You should now have successfully added an extra level of security to your WordPress site that should help prevent malicious users from gaining access to your website.