Never keep the WordPress default login path
Maintaining the default login path on a WordPress website represents a significant security issue.


The default login path in WordPress is “wp-admin” or “wp-login.php”, and it is the gateway to the WordPress administration panel. Leaving this URL unchanged makes an attacker's job easier, because the entry point for logging into the website is already known.

With that knowledge, attackers can run brute force attacks or use other techniques to guess the website's login credentials. Knowing the login path gives them a head start on unauthorized access attempts. If common usernames, such as “admin”, are used together with weak passwords, the likelihood of successful access increases even further.

Keeping the default login path also makes automated attacks easier, and these are the majority. Bots and automated vulnerability scanning tools can look specifically for the default login URL across a large number of websites to find vulnerable targets. Once they find a site with the known login URL, they can launch systematic attacks in search of security breaches.

To address this security issue, it is advisable to change the default WordPress login URL to something unique and hard to guess. This can be achieved by using plugins. In addition, it is critical to use hard-to-guess usernames and strong passwords for administrator accounts. These measures make things harder for potential attackers and strengthen the security of the WordPress website.

As an additional security measure, you should change the default account name “admin”. To give more security to our customers, at NeoCompute we even block the IPs that try to use that account to access the web pages, thus eliminating most automatic attack attempts.
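To see how much automated traffic is hitting the default login path on a site, the web server access log can be checked for repeated login POSTs. The script below is an added example, not NeoCompute's code: it assumes Combined Log Format and stock WordPress behaviour (a failed login re-renders the form with HTTP 200, a successful one redirects with 302), and the function names, threshold and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format prefix: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def summarize_login_posts(lines):
    """Per client IP: failed login POSTs, and whether a success followed them.
    Assumes stock WordPress: failed login -> 200 (form shown again),
    successful login -> 302 redirect.
    """
    stats = defaultdict(lambda: {"failed": 0, "success_after_failures": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore any query string when matching the default login script.
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        entry = stats[m["ip"]]
        if m["status"] == "200":
            entry["failed"] += 1
        elif m["status"] == "302" and entry["failed"] > 0:
            entry["success_after_failures"] = True
    return dict(stats)

def suspicious_ips(lines, threshold=5):
    """IPs with at least `threshold` failed logins, worst first."""
    stats = summarize_login_posts(lines)
    hits = [(ip, s) for ip, s in stats.items() if s["failed"] >= threshold]
    return sorted(hits, key=lambda item: item[1]["failed"], reverse=True)

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = (
    ['203.0.113.7 - - [10/May/2024:03:12:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "bot"' % s
     for s in range(8)]
    + ['203.0.113.7 - - [10/May/2024:03:12:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "bot"',
       '198.51.100.20 - - [10/May/2024:09:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
       '198.51.100.20 - - [10/May/2024:09:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"',
       '198.51.100.20 - - [10/May/2024:09:00:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"']
)

if __name__ == "__main__":
    for ip, s in suspicious_ips(SAMPLE_LOG):
        print(ip, s)
```

An IP that shows `success_after_failures` deserves a password reset and a session review for the account involved, since a guess may have landed. If the login URL has been renamed, remaining POSTs to `/wp-login.php` are almost entirely bot traffic.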
