change wp-admin folder

I’m running some WordPress websites and I have googled this several times without being able to find an concrete answer to my problem.

I have my sites protected with a login-lock plugin which locks an IP for a certain time if that IP tries to login with wrong credentials repeatedly.

Read More

So my problem is that I keep receiving alerts and alerts of IPs trying to login to my backend. I know I could turn those notifications off, but I would like to solve this correctly.

So I have seen some good WP sites where you can type the /wp-admin and nothing is shown, you get a 404 or you are redirected to homepage. I have also read here about a plugin called stealth login but plugin is no longer listed on wordpress site.

I have also saw some plugins that work with IPs and restrict the folder to certain IP but on my ISP I have a dynamic IP so if I have a new one I’d not be able to see the wp-admin folder.

I’d like to know if there is a standardized or a good way to fix that and hide the wp-admin directory to public.

Related posts

Leave a Reply

2 comments

    • The below code will prevent browser access to any file in these directories other than “a.b.c.d” which you should change to be your static IP address.

    order deny,allow
    allow from a.b.c.d # This is your static IP
    deny from all
    
    • OR restrict the directory with a password:

    AuthUserFile /etc/httpd/htpasswd
    AuthType Basic
    AuthName "restricted"
    Order Deny,Allow
    Deny from all
    Require valid-user
    Satisfy any
    

  1. I use the following in my .htaccess file in the wp-admin folder:

    order deny,allow
    allow from 12.34.56.78 # My IP
    deny from all
    

    It will give a 404 error to anyone not on that IP address.

    I also use the same for the wp-login.php page. Put this in your root .htaccess file:

    <Files "wp-login.php">
    Order deny,allow
    Deny from all
    Allow from 12.34.56.78
    </Files>