How to prevent a brute force attack on your WordPress Admin page

May 15th, 2014

Brute force attacks on WordPress admin page are so common these days that it doesn’t really surprise anymore. But deep down we all know that we are scared of these attacks and wish we could put an end to it. Attacking your blog is fairly easy for a hacker since the admin page of your WordPress website is an easy guess, its either or php

But what if we change the url /wp-admin and /wp-login to something that only you know? Basically you will be closing gates to anyone who wants to access your admin page. Fortunately we stumbled upon a WordPress plugin that will help us to do just that. Please welcome HC Custom WP-Admin URL. This plugin will help you change the url to anything you want without breaking a sweat. Let’s take a quick look on how we can use this plugin.

1] Login to your WordPress Website

2] Click on Plugins >> Add New

3] Search for HC Custom WP-Admin and click on Search.

4] Once you find the plugin then click on Install

5] Once the plugin is installed then click on Activate Plugin.

6] To change the url go to Settings >> Permalinks.

7] The plugin adds a new section called WP-Admin slug at the end of the permalink page with a text box where you need to add your secret url and then click on Save

8] You will then need to Log out of your WordPress Dashboard.

9] You will now have access to your WordPress admin page only via

You may experience issues where you are redirected to the homepage even after entering the right credentials. In this situation simply clear the cache and cookies of your browser and try again, you should be good to go. After this, anyone who tries to access your website’s admin page using or will be routed to the homepage.

Well that’s about it. You have now protected your precious website from brute force attacks on your admin page. You can now focus on creating awesome content without the fear of being attacked at the door :-)

Leave A Comment