Hardening > Login Protection
Protect your login URL
Accessible for the Developer and Business plan users only.
From Login Protection subpage you can:
- Block access to wp-login.php
- Set a new URL for login page
- Ban IPs that fail to log in multiple times in a given period of time
- Set a specific time, where in between users can log in to WordPress
- Enable a possibility to set up Two Factor Authentication from WordPress site
- Add IP addresses (which should never be blocked no matter how many failed login attempts), to whitelist
- Block certain IP addresses from being able to log in
How does the new login URL work?
If you define a new URL for login, it works like a security token for your wp-admin.
Example usage:
Let's say you enter "myadmin" to the New URL field.
Now, to login to your WordPress admin panel, you need to visit "yourdomain.com/myadmin".
Once you visit this URL, your IP gets whitelisted and from that moment on, you can log in from the regular "yourdomain.com/wp-admin" again.
Visitors from other IP addresses need to know your token - in that case "myadmin" - to whitelist their IP and be able to log in to /wp-admin.
Updated 7 months ago