Hardening > Login Protection

Protect your login URL

From Login Protection page you can:

  • Block access to wp-login.php
  • Set a new URL for login page
  • Ban IPs that fail to log in multiple times in a given period of time
  • Set a specific time, where in between users can log in to WordPress
  • Enable a possibility to set up Two Factor Authentication from WordPress site
  • Add IP addresses (which should never be blocked no matter how many failed login attempts), to whitelist
  • Block certain IP addresses from being able to log in
14001400

How does the new login URL work?

If you define a new URL for login, it works like a security token for your wp-admin.

Example usage:

Let's say you enter "myadmin" to the New URL field.
Now, to login to your WordPress admin panel, you need to visit "yoursite.com/myadmin".
Once you visit this URL, your IP gets whitelisted and from that moment on, you can login from the regular "yoursite.com/wp-admin" again.
Visitors from other IP addresses need to know your token - in that case "myadmin" - to whitelist their IP and be able to log in to /wp-admin.


Did this page help you?