Change Admin Login Url
In todays world of internet and blogging every thing is going fast and with that fast it is bringing many problems of security too.Recently i came across an incident that one of my friends wordpress Blog is loosing lots of its bandwidth without visitors nor having heavy traffic .Then we made a validation check(logs) for that website and found that some one is conducting a malicious operation of Bruteforce attack to crack password and login admin ID to hack or deface the website from different locations using proxies.
This can be a really serious problem if you have a very easy to crack password without complex one.Generally every wordpress website have a small identification called “powered by wordpress ” which lets hackers initiate a bruteforce attack to get logs of your username and password.
How is wordpress hacking Done
whenever a hacker comes to know that we are using wordpress as CMS and every blogger knows the root privileges of Admin account page normally wordpress gives default.It can be www.something.com/wp-admin.
Now this page if exists hacker tries to tamper with your wordpress account by sending anonymous queries to login page by some automated tools which needs login page redirection .when login page is initiated to password cracking tool then it tries to crack password with a range of 5,00,00 queries in 1 hour from different proxies per every 10 logins.If you are having a very low security password which can be bruteforced easily ,the tools can crack your password in 8-12 hours.
The tools generally used are John the ripper,cain&ABEL for sniffing passwords through cookies.
Can we stop those Attacks
yes,we can stop those attacks in various ways .But very affective and useful of those are only two methods.
1. Use strong password for login account page.
2.Completely change Login URL page of website .
The above two methods are good and flexible as far as my concern because using strong password can make the Bruteforce attack fail and attacker looses his patience and stops the attack.Generally passwords should contain !%^(# symbols, capital letters ,numbers ,small letters which make password cracking more difficult even login name is found.
But the main backdrop is that you will loose your monthly Bandwidth if you are not having unlimited Bandwidth plan.It makes your website slow .
If the password is not having any of those specified symbols are desired features the if bruteforce attack is failed there are many more attacks which a attacker can use like Rainbow cracking,Password list attack etc..
I personally recommend to use strong passwords and also change URL OF WORDPRESS site which gives better protection .
How to Change Url Of wordpress Login page with Plugin
Plugins makes our work easy and fast ,here is also a plugin which helps you to hide or totally change your login page url of your website .By doing this the atttacker actually finds for login page and when he cannot find the login page when tried for “wp-admin” then he have no chance to launch any type of attack towards wordpress website even he any how found our site is built with wordpress.
How to change URL
Download or install this plugin “https://wordpress.org/plugins/hc-custom-wp-admin-url/”.
As soon as you install go to settings then to “permalinks”and change your login page as you want.This can also done by htaccess file but hampering htaccess file unnecessarily can push you into problems.
I hope this is helpful to all bloggers.Keep blog safe .Safety, security is in our hands.Don’t use nulled or free themes plugins etc..