Security: change your WordPress login URL

Several of my clients have reported a recent spike in WordPress brute-force password-guessing attacks.

Is this a worldwide increase, or just something we happen to have noticed?

It doesn’t really matter.

There's a good chance that sooner or later somebody is going to start hammering your site with millions of attempts to guess your admin passwords — which leads to two problems:

1. If they get in, you're compromised. That's a problem nobody wants.

2. If they fail, they’re still slowing down your website by using up server resources.

One simple step helps prevent both problems:

Change your WordPress login URL.

It's pretty easy to do and will eliminate all but the most determined of these attacks.

There are multiple free WordPress plugins that can do this for you.

You just need to install and configure the plugin (or have your outside specialist take care of it for you), and then tell your staff about the change, so they can still log in.

You don't have to do it.

But it's not very hard, and it's a big upgrade in your security.

So I strongly recommend it.

All the best,
A.