Ways to Secure your WordPress Login


As any WordPress user knows, anyone who gets hold of the username and password of a WordPress blog can do anything with it. There are a number of ways to secure your WordPress blog login, including .htaccess blocking, banning several IPs, and using SSL for the admin login.

Sadly, these techniques require some sound know-how. The good news is that there are easier ways to achieve the same. There are two basic ways to do so: change your default username from ‘admin’ to another unique name, and use a unique hidden directory to publish your blog.

Sound confusing? Well, read on. I am sure you will be able to implement at least one of them on your blog right away!

1. Change the default username ‘admin’
A WordPress install sets the username to admin by default, and sadly most of us don’t bother to change it afterwards. For a hacker, you have cut his work in half: he already knows your username, and only the task of cracking your password is left. So immediately change your login username from admin to some other unique name. There are two ways of doing so:

– If you are about to perform a fresh WordPress install, you will get the option to select your username.

– If you want to change the username on an existing blog, the manual process is as follows.

Go to phpMyAdmin, look for the table wp_users, and then edit the entry for the username using the change username option. The other way is to click on the SQL option in phpMyAdmin and copy and paste the following query:

update tableprefix_users set user_login='newuser' where user_login='admin';

Note: you need to replace tableprefix with your WordPress table prefix. Generally the prefix is wp, so the table is wp_users.
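The same rename as a checked, three-step procedure. This is an added example, not part of the original post; it assumes the default wp_ prefix, and 'newuser', 'site-author' and 'Site Author' are placeholder values. It goes one step further than the query above by also changing user_nicename and display_name, which are normally derived from the login and would otherwise keep showing ‘admin’ publicly.

```sql
-- Added example. Assumes the default table prefix (wp_); the values
-- 'newuser', 'site-author' and 'Site Author' are placeholders.

-- 1. Before changing anything, look at the current row and make sure the
--    new login is free. WordPress expects logins to be unique, so if a row
--    for 'newuser' comes back, pick a different name.
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login IN ('admin', 'newuser');

-- 2. Rename the login. user_nicename is the slug used in author archive
--    URLs and display_name is shown next to posts; give both a value that
--    differs from the new login so the pages do not reveal it.
UPDATE wp_users
SET user_login    = 'newuser',
    user_nicename = 'site-author',
    display_name  = 'Site Author'
WHERE user_login = 'admin';

-- 3. Verify. Expect exactly one row (the renamed account) and no row in
--    which 'admin' still appears in any of the three columns.
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE 'admin' IN (user_login, user_nicename, display_name)
   OR user_login = 'newuser';
```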

2. Use a unique hidden directory for WordPress publishing:
If you are about to create a WordPress blog, this option is better. In your root, make a folder, say ‘XYZ’, and install WordPress in that folder.

Then you need to edit one option so that your files actually point to the root and not to the folder XYZ. Normally the permalink of a post will be www.root.com/XYZ/post_name, but we need to have www.root.com/post_name

For this, in your WP dashboard, click on Options and then click on the General button. In WordPress URL type: http://www.root.com/XYZ and in Blog URL type: http://www.root.com/

After this, copy index.php and upload it to the root. You also need to edit index.php: change the line that says require('./wp-blog-header.php'); to require('./XYZ/wp-blog-header.php'); You can read more about this here.

So all pages on your blog will appear as if WordPress is installed in the root. To access your WP dashboard, you need to use the URL: www.root.com/XYZ/wp-login.php



  1. nice tutorial. i already changed my admin login. but i suggest bloggers should also do something about their wp-config.php .. transferring it to a non www location and just use an include php function.

  2. I did not believe, that it could be true..
