Rename wp-admin and wp-login.php
After we install the wordpress, the login path is wp-login.php and the manage url is wp-admin, I think it’s not secure enough, so I want to…
After we install the wordpress, the login path is wp-login.php
and the manage url is wp-admin
, I think it’s not secure enough, so I want to rename the wp-login.php
and wp-admin
to secure the wordpress website. This is the steps that I used to rename the files.
Download the wordpress to local machine
The first step that I have done is compress the wordpress directory, and download it to local machine, then I add it to manage with git.
Rename wp-admin and secure name
Generate secure name
To secure the wp-admin
directory, I use a tool to generate a random string to replace with wp-admin
, so it should not easy to guess, for example, I generated a name like Gk143L9IxOpW
.
Replace all the occurrences of wp-admin
- Rename
wp-admin/
toGk143L9IxOpW/
- Rename
'wp-admin'
to'Gk143L9IxOpW'
I used the VS-Code to replace all the occurrences of wp-admin/
and 'wp-admin'
. I do this because there are some wp-admin in css files, and I don’t want to replace this strings. After updated the files, then review with git, remove some useless replacements.
Rename wp-admin to secure name
Then rename the directory name from wp-admin
to Gk143L9IxOpW
.
Commit changes
In order to keep the change records, I will commit the changes to git, and change the wp-login.php next.
Rename wp-login.php to secure-login.php
Generate a secure name for wp-login.php
I updated the wp-login.php to another name, and I just generate another random name for wp-login.php, for example, I will change it to FUvg024Rdt1Q.php
.
Replace the occurrences of wp-login.php
I still use the VS-Code to rename the wp-login.php
to FUvg024Rdt1Q.php
, and review with git to discard the useless changes.
Rename the wp-login.php to secure name
Then rename the wp-login.php
to FUvg024Rdt1Q.php
Commit changes
Commit the changes to git, so we can review the changes next time.
Update remote website
Upload the changed folder to remote and replace the content of the wordpress, and login with the secure name.