Pantheon Community

Renaming the WP Login Page

I have noticed that I have been getting a lot of attempted logins on my WP site. Looks to be scraping users/authors and attempting to log in as them. They are all failing of course, but it still makes me nervous.

I do need to put my site behind an additional firewall, such as Cloudflare or Sucuri, but cannot do that yet for a list of reasons that I don’t want to get into here. Once I do that I know that I can block IPs, etc.

My question is, does anyone have any experience with renaming the wp-admin with Pantheon? I know that there are plugins that do this, as well as just modifying the functions code. Any known conflicts with host?

Also, another caveat is that I DO have WooCommerce and still need customers to log in to their accounts. I just don’t want unknown admin login attempts. I don’t think that you can separate these login types though.

Hi Luke,
There are a couple of ways you could go about that.
First, you can restrict access to wp-admin/wp-login by IP without an additional firewall.

Second, use a plugin as you suggested. iThemes Security is one, and has a “hide the backend” feature. Note some other iThemes Security features require write access to nginx.conf which is not allowed. See our docs for details.

Not sure you could “hack core” by renaming/moving core php files without breaking your ability to do updates. But the above two options should work w/testing.
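One way to implement the IP restriction mentioned in the reply above, as an added example that is not part of the original posts or the host's own code. The file location (a must-use plugin), the `example_*` function names, and the allowlist values are hypothetical, and it assumes `$_SERVER['REMOTE_ADDR']` holds the real client address on your platform.

```php
<?php
// Hypothetical mu-plugin, e.g. wp-content/mu-plugins/restrict-admin-login.php.
// Constructed sample allowlist (documentation ranges); replace with your own.
const EXAMPLE_ADMIN_ALLOWLIST = ['203.0.113.10/32', '198.51.100.0/24', '2001:db8::/32'];

// True when $ip falls inside $cidr. Handles IPv4 and IPv6; fails closed on bad input.
function example_ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address, or IPv4 compared against IPv6
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && !ctype_digit($bits)) {
        return false; // a non-numeric prefix must not be read as /0
    }
    $bits = ($bits === null) ? $max : (int) $bits;
    if ($bits > $max) {
        return false;
    }
    $full = intdiv($bits, 8); // whole bytes covered by the prefix
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    $rem = $bits % 8;         // leftover bits in the next byte
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

// wp-login.php and /wp-admin/ are gated; admin-ajax.php and admin-post.php
// stay open because front-end features (WooCommerce included) call them.
function example_is_admin_request(string $script): bool
{
    $name = basename($script);
    return $name === 'wp-login.php' || (strpos($script, '/wp-admin/') !== false
        && !in_array($name, ['admin-ajax.php', 'admin-post.php'], true));
}

if (PHP_SAPI !== 'cli' && example_is_admin_request($_SERVER['SCRIPT_NAME'] ?? '')) {
    $client  = $_SERVER['REMOTE_ADDR'] ?? '';
    $allowed = array_filter(EXAMPLE_ADMIN_ALLOWLIST, fn($c) => example_ip_in_cidr($client, $c));
    if (!$allowed) { http_response_code(403); exit('Forbidden'); }
}
```

This only keeps customer logins working if the store signs customers in through a front-end account page rather than `wp-login.php`, so test login, logout and password reset as a customer from a non-allowlisted address before relying on it.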

Hey Luke,

Yes, there are quite a few plugins that can block out things too. Another one that comes to mind is: https://wordpress.org/plugins/restricted-site-access/

As for the renaming of folders, not the greatest as WordPress core would be a little confused too when looking for things. The upstream updates would be a bit trickier as well because of all the modified file paths.
