This is a tutorial for the video answers to top WordPress questions series that we have been publishing on this site to help users get started with WordPress.
In this tutorial, you will learn:
- The typical way to gain access to your WordPress Dashboard, and how to change your password if you have forgotten it.
- How to change the location of your web site login form to keep it hidden from potential hackers.
- How to change the default “admin” username so that potential hackers will not have half of your login credentials up front!
- How to generate secure passwords, and store your passwords in a secure password and login manager.
Resources discussed in the video:
- All In One WP Security & Firewall plugin
- LastPass.com Password Manager
Steps to Login to WordPress and Secure the Login Process
- To login to your self hosted WordPress web site, you simply append wp-login.php to the end of your web site address.
- Enter the username or email address for your account. Enter the password. Click Login.
- If you forgot your password, click the Lost your password link. Type in the username or email address for your account, and click Get New Password. Follow the steps in the email that you receive to create a new password.
- After logging in, you will land in the Dashboard area.
I will now offer 3 security tips related to your WordPress login:
- First, I want to point out that WordPress hackers know the default login location to a WordPress site, and may automate attempts, or manually try, to login to your site. You can use a plugin like the All In One WP Security & Firewall plugin by Tips & Tricks HQ to change the location of the login page to something only you remember.
- After performing the following steps, you may need to contact your web host to make certain that caching is not enabled on this renamed login page.
- To rename the login page, first install the security plugin from the Plugins / Add New menu in your WordPress Dashboard. Just search for All In One WP Security & Firewall while you are in there and it should be the first one to come up. Click Install Now, and then Activate.
- Next, locate the WP Security menu near the bottom of the WordPress menu in the Dashboard. Hover over it, and choose the Brute Force option.
- Enable the Rename Login Page Feature by selecting the box. Specify the new name in the Login Page URL box, and click the Save Settings button.
- Now you have a URL that only you know to be able to login to your WordPress web site.
- Now, if you want to be extra cautious, it’s a good idea to change the default username for WordPress to something other than admin. You can use the previously installed WP Security plugin to make this change.
- Go back to the WP Security menu, and click User Accounts.
- Within the List of Administrator Accounts you will see the admin account highlighted in red if it exists.
- Enter a new username for this account in the New Admin Username box, and click the Change Username button.
- Next, it’s important that you have a very secure password for your WordPress web site. I highly recommend using a tool like LastPass to create strong passwords, and then store your login details. This includes the Login URL, the username, and the password. You can then password protect your LastPass with a more memorable password, and that will be the only one you need to remember. LastPass can be setup to auto-login to your web site thereafter. It’s a free tool when used on just one device.