Since I implement almost every website for my customers with WordPress, the customers always ask how they can log into WordPress. Since this question comes up frequently on the Internet, I would like to make a short and crisp article about it.
Chapter in this post:
WordPress login? / wp-admin / is the magic word
You have your domain - let's say now https://www.sir-apfelot.de - installed with WordPress, then the login to the admin area is usually one of these two URLs:
So you just append / wp-admin / or / wp-login / to the back of your homepage and you get to the standard WordPress login area.
htaccess protection and changing the WordPress login url
If you go to the above URL on my blog, you will find that there is a little protection upstream. I have additionally protected the login URL via htaccess.
Why? Because you have two logins in front of the WordPress admin and it is quite unlikely that a hacker will crack both of them.
Another popular way to protect the WordPress admin is by changing the login URL. That means that instead of / wp-admin / you choose a different virtual folder.
This change can be implemented with these two plugins:
Personally, however, the adjustment of the login URL makes me a little crazy, as I have to log into some WordPress sites many times a day and I am confused every time I get a 404 error instead of a login form. For this reason, I usually leave the URL as it is for my customers and work with a different solution.
Limit Login Attempts Reloaded - Protection against brute force attacks
The usual procedure for cracking a WordPress login uses so-called brute force attacks - that is, just trying out login and password combinations.
The login can be found out quickly, as WordPress usually reveals the user name via the author archives and then you only have to throw lists with the most common passwords at the WordPress XMLRPC interface and see when you have found the password.
Short insertion with other WordPress themes:
- Wordpress Tip: Increase PHP Memory Limit
- Build elegant pop-up windows in WordPress with the plug-in Popup-Maker
- Protect XML-RPC interface in WordPress via .htaccess
Unfortunately, WordPress itself does not yet have effective protection to prevent such attacks, but there is a plugin called "Limit Login Attempts Reloaded“, Which effectively fends off such attacks by only allowing a certain number of attempts before the IP or username is blocked.
With the Pro version you can even set that the time between login attempts is getting longer and you can use many other functions to protect WordPress from unauthorized access.
WordPress login help from Sir Apfelot
If you need help securing your WordPress blog or need support with a hacked WordPress, please let me know. I take care of a number of customer pages and am happy to support you.
Related Articles
Jens has been running the blog since 2012. He acts as Sir Apfelot for his readers and helps them with technical problems. In his spare time he rides electric unicycles, takes photos (preferably with the iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions to current bugs.