The Stealth Login Plugin was a major help this week was an interesting week in regards to the WPInsite website. I received email after email stating that hackers were trying to gain access to the Admin Control Panel of the site.
Up until this point I had been using the standard WordPress Admin Control Panel login page located at: wp-login.php.I had taken one step to ensure that I was notified of unsuccessful login attempts. I am using the Limit Login Attempts plugin. This is a great plugin as after a desired unsuccessful attempts at logging in, the user trying to login is banned for 20 minutes from logging in and the Administrator of the site is notified by email. The other great feature is that the IP address of the user trying to gain access is recorded and sent in the email to the Administrator. This helps in tracking down the user’s Internet Provider and informing them that one of there members is attempting to hack into websites.
After thinking about and researching how I could stop hackers from trying to gain access into the Admin Control Panel I came across another fantastic plugin, “Stealth Login”.
This plugin allows you to change the actual Admin Control Panel URL of the login page. This way you are not tempting your users to try and login to areas they are not permitted it, because they do not know where the login page is.
Here are some of the features of the Stealth Login plugin:
Stealth Login Features
This plugin allows you to create custom URLs for logging in, logging out, administration and registering for your WordPress blog. Instead of advertising your login url on your homepage, you can create a url of your choice that can be easier to remember than wp-login.php, for example you could set your login url to http://www.myblog.com/adminlogin for an easy way to login to your website.
You could also enable “Stealth Mode” which will prevent users from being able to access ‘wp-login.php’ directly. You can then set your login url to something more cryptic. This won’t secure your website perfectly, but if someone does manage to crack your password, it can make it difficult for them to find where to actually login. This also prevents any bots that are used for malicious intents from accessing your wp-login.php file and attempting to break in.
Stealth Login Plugin Screenshots
This plugin allowed me to change the actual login URl of the WPInsite Admin Control Panel.
One point though to consider. If you trying want to hide your Admin area use a URL name that is unique to you and not easy to be guessed by your users. URL’s like /admin or /login are examples of easy to guess login name.