Secure wordpress by renaming admin files

Leave a reply

After we install the wordpress, the login path is wp-login.php, signup path is wp-signup.php and the manage url is wp-admin, I think it’s not secure enough, so I want to rename the wp-login.php and wp-admin to secure the wordpress website. This is the steps that I used to rename the files.

Download the wordpress to local machine

The first step that I have done is compress the wordpress directory, and download it to local machine, then I add it to manage with git.

Rename wp-admin and secure name

Generate secure name

To secure the wp-admin directory, I use a tool to generate a random string to replace with wp-admin, so it should not easy to guess, for example, I generated a name like Gk143L9IxOpW.

Replace all the occurrences of wp-admin

  1. Rename wp-admin/ to Gk143L9IxOpW/
  2. Rename 'wp-admin' to 'Gk143L9IxOpW'

I used the VS-Code to replace all the occurrences of wp-admin/ and 'wp-admin'. I do this because there are some wp-admin in css files, and I don’t want to replace this strings. After updated the files, then review with git, remove some useless replacements.

Rename wp-admin to secure name

Then rename the directory name from wp-admin to Gk143L9IxOpW.

Commit changes

In order to keep the change records, I will commit the changes to git, and change the wp-login.php next.

Rename wp-login.php to secure-login.php

Generate a secure name for wp-login.php

I updated the wp-login.php to another name, and I just generate another random name for wp-login.php, for example, I will change it to FUvg024Rdt1Q.php.

Replace the occurrences of wp-login.php

I still use the VS-Code to rename the wp-login.php to FUvg024Rdt1Q.php, and review with git to discard the useless changes.

Rename the wp-login.php to secure name

Then rename the wp-login.php to FUvg024Rdt1Q.php

Commit changes

Commit the changes to git, so we can review the changes next time.

Rename wp-signup.php

The signup url also redirect to login page, so we also need rename wp-signup.php to secure our wordpress.

The process for rename wp-signup.php is similar as the process of rename wp-login.php file.

Update remote website

Upload the changed folder to remote and replace the content of the wordpress, and login with the secure name.

Leave a Reply

Your email address will not be published. Required fields are marked *