How to Change Your WordPress Login URL for Better Security
WordPress (WP) is the most popular content management system (CMS), holding 60.8% of the market share.
However, one of its most significant weaknesses is that so many WordPress hackers know how to get in the front door of WP websites.
By default, the main WordPress login URL is yourdomain.com/wp-admin.php. There are two other URLs you can use that will redirect to the same default login page:
- yourdomain.com/admin
- yourdomain.com/login
Why not make it more difficult for potential hackers to find your login page? This article will show you how and why to change your WordPress admin login URL.
Why Change Your WordPress Login URL?
Although using the default WordPress login URL is an easy way to remember how to access your site, it also makes it too easy for hackers.
You can at least slow down hackers by changing your login URL to something that’s harder for them to find. There are various techniques malicious actors use to hack a WP site, with brute force attacks being the most common.
A brute force attack is when the hacker tries to get access to your site by continuously trying various combinations of usernames and passwords until they find the right one.
Although they aren’t always successful, these attempts can wreak havoc on your site should they gain access. One simple precaution is not to use passwords that are easy to guess such as “12345” or “abcde”. Also, don’t use admin for your username.
Did you know that there are over 90,000 hack attempts per minute every day? Whether your website is small or large, attempts to hack into your site are imminent and unavoidable.
Brute force attacks overload your hosting server’s memory by repeatedly making HTTP requests in rapid succession. Even if the hacker is not able to gain access, the sheer number of requests is enough to push the web server beyond capacity and can crash your site.
If successful, the hacker will have access to your WordPress dashboard as an admin. The most recommended solution to prevent all of these issues is to change your default WordPress login URL to a new one.
Should You Change Your WordPress Login URL Manually?
If you’re tempted to try to change your login page URL manually, we highly recommend you don’t. Although you can access your website files directly with FTP or other methods, it’s not a good idea for the following reasons:
- Each time WordPress updates, it will recreate the login page file, making it necessary for you to change the URL again.
- You may inadvertently create issues with your site’s functionality, including errors with the logout screen.
- There are often unintended negative consequences when you alter your site’s core files, especially when you don’t have to.
Use WPS Hide Login Plugin
WPS Hide Login is a light WordPress plugin that lets you safely and easily change the URL of your WordPress login page. It does not add rewrite rules, modify files, or rename core files.
Instead, WPS Hide Login intercepts page requests and renders your wp-login.php page inaccessible. Make sure you write down or bookmark your new login page so you can access it later.
How to Install WPS Hide Login
You can download the plugin and upload it, or install it from the WordPress backend by searching for it. Go to Plugins > Add New. Search for WPS Hide Login from the WordPress Plugin Repository.
Click on Install Now and then Activate the plugin.
How to Configure the Plugin
To access the plugin settings, go to Plugins > Installed Plugins. Click on Settings under the WPS Hide Login plugin.
Scroll down to the WPS Hide Login section.
There are two decisions you must make:
- Your new login URL
- The redirect URL for people who try to go to your default WordPress page
When choosing your new login URL, use a unique and random combination of letters and numbers. If you use something easy to guess, you will be defeating the purpose of changing your WordPress login URL.
Your next choice is the URL of the redirection page. One suggestion is to create a 404-error page if you don’t already have one.
If you don’t have a 404-error page, there’s a plugin for that.
Or, you can set the redirection to your home page. When done, click Save Changes for the new URL to take effect.
Test Your New WordPress Login URL
Try typing your default URL into your browser's address bar:
yourdomain.com/wp-login
If your settings are correct, you should land on the redirect page you chose instead of the login form.
If you want to return to the default WordPress login for any reason, deactivate the WPS Hide Login plugin.
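The check from this section, combined with the earlier advice to pick a random login URL, as an added Python example (not part of the original article or of the WPS Hide Login plugin). It judges responses to the default login paths and also flags a redirect that reveals the new login URL; the sample responses, the slug, and the login-form markers it looks for are assumptions constructed for illustration.

```python
import secrets
import string
from urllib.parse import urlparse

# Default entry points named in the article, plus wp-login.php itself.
DEFAULT_PATHS = ["/wp-login.php", "/wp-admin/", "/admin", "/login"]
# Assumption: markup of the stock WordPress login form (form id, password field).
LOGIN_MARKERS = ('id="loginform"', 'name="pwd"')


def new_login_slug(length=20):
    """Random lowercase letters/digits from the OS CSPRNG, usable as a URL slug."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def classify(status, location, body, slug):
    """Judge one response to a default login path after the slug was changed."""
    if location and slug in urlparse(location).path:
        return "LEAK"      # redirect target reveals the secret login slug
    if status == 200 and all(m in body for m in LOGIN_MARKERS):
        return "EXPOSED"   # login form is still served at a default path
    return "HIDDEN"        # redirected elsewhere or not found


def audit(responses, slug):
    """responses: {path: (status, Location header or None, body)} -> {path: verdict}."""
    return {p: classify(*responses[p], slug) for p in DEFAULT_PATHS if p in responses}


# Constructed sample responses (not captured from a real site).
SLUG = "k3v9x2qpl7tz0m4d"
SAMPLE = {
    "/wp-login.php": (302, "https://yourdomain.com/404", ""),
    "/wp-admin/": (302, "https://yourdomain.com/k3v9x2qpl7tz0m4d?redirect_to=%2Fwp-admin%2F", ""),
    "/admin": (200, None, '<form name="loginform" id="loginform"><input name="pwd"></form>'),
    "/login": (404, None, "<h1>Page not found</h1>"),
}

if __name__ == "__main__":
    print("candidate slug:", new_login_slug())
    for path, verdict in audit(SAMPLE, SLUG).items():
        print(f"{path:15} {verdict}")
```

Feed it the status code, `Location` header and body your own site returns for each default path, fetched without following redirects; any verdict other than HIDDEN means the setting needs another look.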
Is Your Website 100% Safe Now?
Don’t get a false sense of security. Take other precautions in addition to using the WPS Hide Login plugin.
Hackers are relentless. They are always looking for new ways to disrupt websites. In addition to changing your WordPress login URL, you should follow basic WordPress security tips.
- Keep your WordPress version, plugins, and themes up to date
- Use a Security Plugin such as Malcare to block bad bots and malicious IP addresses proactively
- Install an SSL Certificate
- Use the Limit Login Attempts Reloaded plugin to limit login attempts
- Back up your files with a plugin such as BlogVault
- Choose a unique and secure password and username
- Implement a two-factor authentication plugin such as Google Authenticator – WordPress Two Factor Authentication (2FA)
There’s no foolproof way to prevent hackers from accessing your site. However, that doesn’t mean you should make it easier for them.
As you can see, changing the default WordPress login URL is simple, and you should do it. Why give hackers the key to your front door?