04Mar, 2019

How To Stop WordPress Brute Force Attacks

A Brute force attack is a method that hackers use to gain access to your website by guessing your login password. One way to prevent attacks is to obscure your login page, especially if your site runs on WordPress.

In DMCA Ignored Hosting, there is too many threat comes on your website. If that site developed with WordPress then it’s easy to hack where you didn’t protect your system.

Today we gonna inform you how to change the WordPress login URL without using any plugin. It is very helpful to protect the brute force attack.


Manually Create a New PHP Login File

By default, the wp-login.php file contains all the code that generates the login page and handles the login sequence. We can use the code from wp-login.php in our new file.

There are only 5 things we need to do:

  1. Create a new file.
  2. Copy the code from your wp-login.php, then paste it into your new file.
  3. Replace each instance of wp-login.php with the new file name.
  4. Delete the wp-login.php file.
  5. Log in through your new URL.

1. Create a New File

Create a new file from the text editor and save it into your root folder. Name this file whatever you want your login URL to be. In this case, I named it new-login.php.



2. Copy and Paste the Code

Next, open up the wp-login.php file, select all the code, and copy it into your new file. Make sure to save it.




3. Find and Replace the String “wp-login.php”

Now find and replace every instance of “wp-login.php” in the file – then replace it with your new file name. Notepad++ or Sublime text has a find and replace function I can use to hunt down every instance of “wp-login” and replace it quickly.




4. Delete the wp-login.php File

Now you can delete wp-login.php. Don’t worry, you will still have your backup in case something goes horribly wrong.


5. Log in through your new URL.

Now you should be able to log in by navigating to your new URL. In my case, it’s http://www.yoursite.com/new-login.php.

Now you have to redirect this URL using yours .htaccess on the root folder.
This method is less about security and more about the way the URL appears in the address bar. Add the following code to your .htaccess file to change the name of your login URL:
Just put this code on your .htaccess file.



RewriteRule ^mynewlogin$ http://www.yoursite.com/wp-login.php [NC,L]


You can now reach the admin URL from http://www.yoursite.com/mynewlogin. Keep in mind that this will not keep people from being able to access the wp-login.php page. It simply allows people to log in from a different URL.


If you face any issue or you have any questions please comment below.


For an Offshore VPS please check our packages or if you have custom requirements please contact our chat agent.



Leave a Reply

Copyright © 2019 Nisar Soft. All rights reserved.