WordPress security explained
WordPress security explained

Why you need to use Custom login URL for your WordPress

Why is Custom login page a useful feature that saves your money and spare your nerves


The security through obscurity phrase is pretty popular among wordpress.org developers. It seems that those guys have small experience with real network security. Perhaps they don’t have such an experience at all? They think that a hidden or non-standard WordPress login page is intended to protect a website from hackers. They repeat like a mantra that security through obscurity is a stupid way to protect a website and we should not use it. To be exact, they recently changed their mantra to a bit modified one “Security through obscurity is generally an unsound primary strategy”. But, guys, why do you think that someone wants to protect WordPress by using a Custom login page?

First of all, experienced network engineers or developers do not protect WordPress or any other website by hiding login page. Let me explan.

Custom login page is intended to:

  1. Reduce the attack surface. It reduces the amount of server resources for handling malicious requests and human resources to maintain all those attempts to hack a website. Let’s save our money and spare our nerves?
  2. Create a trap for bots and inexperienced hackers. This is a technique that WP Cerber uses to catch and track all those bots and hackers and to lock them out. When some bot stupidly sends requests to the default WordPress login URL wp-login.php, the WP Cerber plugin easily detects this malicious activity because legitimate users use the Custom login page instead. According to the statistics of using WP Cerber with configured the Custom login page, about 90% of bots try to use wp-login.php to break-in to a website.

How to configure Custom login page?

You can create your own Custom login page (rename default wp-login.php) in no time. After you have configured the Custom login URL, the plugin will display default wp-login.php page with a newly configured URL. Read more: How to rename wp-login.php.

Last posts from WordPress security blog


I'm a team lead in Cerber Tech. I'm a software & database architect, WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, that was amazing days) and today software engineering at Cerber Tech is how I make my living. I've taught to have high standards for myself as well as using them in developing software solutions.

View Comments
There are currently no comments.