It is difficult for beginner users who interact with WordPress to log in to their accounts. In this article, I’ll explain how to find your WordPress login URL and other basics that need to be emphasized about the login process.
- The importance of WordPress login
- How to find WordPress login URL
- How to change the WordPress login page
- How to solve the most common problems of WordPress login
The importance of WordPress login
After installing WordPress, you will have access to your site’s administrative dashboard, where you can set up your site and change some content as needed.
This will be impossible if you do not have access to the administrative page. The login page is the reason why you and others cannot access the administrative “aspects” of the WordPress site.
If you do not have access to the administrative area, it is almost impossible to have complete control of your website / blog.
But where is this WordPress login page?
How to find your WordPress login URL:
You can access the WordPress login page by adding / login/, / admin/, or / wp-login.php at the end of the site URL.
If you install WordPress on a subdirectory (www.yoursite.com/wordpress/) or subdomain (blog.yoursite.com/), add one of the three paths at the end of the URL, such as www.yoursite.com/wordpress/wp-login.php or blog.yoursite.com/wp-login.php
How to find WordPress login URL
Finding the WordPress login page may be easier than you might expect. In a new WordPress installation, add at the end of the URL on your website/admin/(for example:)www.yourawesomesite.com/admin/Or/login/(for example:) redirects you to the login page.www.yourawesomesite.com/login/
Typically, these two should take you directly to your WordPress login page. If this does not happen, there is another way to access your login page: you can/wp-login.phpAdd at the end of the URL, as shown in the following example:www.awesomesite.com/wp-login.php.
How to find WordPress login URL on a subdirectory or subdomain
All of this applies to standard and new WordPress installations. But you may have installed WordPress in a subdirectory of your domainwww.yourawesomesite.com/wordpress/For example.blog.yourawesomesite.com/
If this is the case, you need a slash at the end of the subdirectory or subdomain (that is,/Symbol) and append one of the above paths to get the following:
-
www.awesomesite.com/wordpress/login/Or www.awesomesite.com/wordpress/wp-login.php
No matter which one you use, any one of them should take you to your WordPress login page. If you don’t want to forget it, please bookmark your preferred URL.
Or, there is a “remember me” option in the WordPress login form, which allows you to stay logged in and access the administrative dashboard for a few days without having to log in again (based on how your cookie is set up):
The “remember me” option on the WordPress login form
Logging in through the WordPress login page is a key and simple task. If there are no errors and / or malicious actions on your website, you will need your email address / username and password.
That’s all. Unfortunately, bad guys are everywhere and your website may be a target.
So, what can you do to stop them?
Let’s at least move the login page!
How to change the WordPress login page
Hackers and malicious attackers (also known as bad guys) should not visit your login page because they may visit your site’s administrative page and start screwing things up. No good experience, believe me!
While using strong, unique, long passwords does help prevent unauthorized access to your site, there is never enough you can do when your security is compromised.
A quick and effective way to stop the bad guys is to move the WordPress login page to a new unique URL. Changing the login URL through which you and your users can access your WordPress website is very helpful in fighting random, hacker, and violent attacks.
A sentence about a brute force attack: a brute force attack is an attempt by a hacker to repeatedly guess your user name and password and take advantage of a list of common user names and passwords leaked on the network. What they do is try thousands of combinations, using automated scripts for all their attempts.
Your WordPress password or user name is likely to appear in one of these leaked lists in the world today. If you add WordPress login standard URL is known in this scenario, then you will know how easy it is for hackers and malicious attackers to access your WordPress site.
This is why moving the WordPress login page to a different path can help you.
Use the plug-in to change your WordPress login page
The most common and perhaps the easiest way to change the WordPress login URL page is to use a free plug-in, such as WPS Hide Login, which is actively used by more than 800000 users.
The plug-in is very lightweight and, more importantly, it does not change any files in the core or add rewriting rules. It just intercepts the request. It is also compatible with BuddyPress, bbPress, restricted login attempts, and user switching plug-ins.
WPS Hide Login plug-in
After downloading and activating, all you need to do is:
- Click WPS Hide Login in the Settings tab in the right sidebar.
- Add a new login URL path in the Login URL field.
- Add a specific Redirection URL to the Redirection URL. This page is triggered when someone tries to access the standard wp-login.php page and the wp-admin directory without logging in.
- Click Save Changes.
WPS Hide Login plug-in
Note: after clicking the “Save Changes” button, your new login page will take effect. Therefore, your old login URL will no longer be valid! You will need to update your bookmarks. If you have any questions, you can always get back to normal through the SFTP removal plug-in on the Web server.
Another advanced plug-in that can be used to change the login URL is Perfmatters.
Since changing your WordPress login URL can help prevent shallow attackers from accessing your site, I want to be clear here: experts and professional hackers may still redouble their efforts to find your login page.
So, why do you care? Well, security is a level game, and the quality of your hosting plays a key role. The more tools, skills, and walls you have, the harder it will be for bad guys to break into your site and gain control.
Changing your login URL also helps prevent common WordPress errors, such as “429 Too Many Requests”. This is usually generated by the server when the user sends too many requests within a given time (rate limit). This may be caused by robots or scripts accessing your login URL. End users rarely cause this error.
429 too many requests
Edit your .htaccess file to change the WordPress login page
Another more technical way to change or hide the WordPress login page URL is to edit your.htaccessFiles.
Usually used with cPanel hosts.htaccessThe main purpose of the file is to configure rules and set system-wide settings. Since we are talking about hiding the login page.htaccessSo you can deal with it in two specific ways.
The first is about using .htpasswd to password protect your login page so that anyone who accesses your login page needs to enter a password before visiting the login page. If your server uses Nginx, there are no files.htaccess.
You can use our htpasswd tool to protect your entire site. Or contact the server support team to lock your login page.
.htpasswd authentication prompt
The second option you have is to enable access to the login page based on the list of trusted IP addresses.
Restrict login attempts
Another effective security method is to limit the number of login attempts.
Or, you can download a free plug-in, such as Limit Login Attempts Reloaded.
Restrict reloaded login attempts
The options in the plug-in are very simple.
- Total Lockouts: provides you with the number of hackers who tried to break in but failed.
- Number of Allowed Retries: the number of attempts allowed by the IP address before it is locked.
Somewhere between four and six is probably the most popular retry. It allows real people who should have access to make mistakes (because, after all, we all make mistakes when entering passwords), realize that they have entered the wrong passwords, and fix their errors.
It is important to set it to the above two points, especially if you have frequent guest bloggers or several contributors who are responsible for managing your site.
- Minutes lockout: how long will the IP address be locked?
You may want to set it to “forever”, but it doesn’t help people who really make mistakes-you want them to eventually get themselves back into trouble. It will take about 20-30 minutes.
- Lockouts increase: because if it’s a brute force attack, it’s likely to make a comeback.
This function basically means “look”. I’ve seen you lock yourself out several times before, so now I’m going to lock you out for longer. A day is a good companion.
- Hours until retries: time to reset everything and get people to try again.
The plugin also allows you to manage whitelists, blacklists, and trusted IP.
How to solve the most common problems of WordPress login
Logging in to your WordPress site is a quick and easy task. However, some users-and you? You may encounter some problems when trying to visit their WordPress website. Such problems usually fall into one of the following situations:
- Password related questions
- Issues related to cookie
Let’s look at both and see how to solve them!
WordPress login: password lost / forgotten
If you are unable to log in, there may be something wrong with your login credentials.
Therefore, the first thing you should do is to check that the user name and password entries you entered are correct. This is a common mistake made by most of us, though it is rare.
Did it work? If not, you may want to change your WordPress password before trying something else. To do this, click lose password? The link directly below the login form:
Lost password link
You will be redirected to a page that will ask for your user name / email and will send you a new password:
How to get a new WordPress password
Manually reset the WordPress password using phpMyAdmin
If this doesn’t work, things get a little complicated because you need to reset your password manually. If you are uncomfortable with using database files, do not do so.
You can manually reset your WordPress login password by editing the password file on the database. If you can access the phpMyAdmin in the host, this should not be difficult.
Before making any edits to the database files, be sure to back up your site in case of problems.
Step 1
Now, log in to phpMyAdmin. If you are a pagoda panel user, you can find the website database login link in the pagoda dashboard.
Log in to phpMyAdmin
Step 2
On the left, click to enter your database. Then click the namewp_usersDonovan’s watch. Then click “Edit” next to the user login you want to reset.
Edit users in phpMyAdmin
Step 3
Inuser_passColumn, enter the new password (case sensitive). In the function drop-down menu, select MD5. Then click “Go”.
Reset password in phpMyAdmin
Step 4
Test the new password on the login screen.
Manually reset the WordPress password using WP-CLI
Another way to reset the WordPress password is to use WP-CLI. WP-CLI is a command-line tool for developers to manage common (not common) tasks of WordPress installation.
Step 1
First, use the following command to list all current users in the WordPress installation.
$ wp user list
Step 2
Then update the user password with the following command, user ID, and the new required password.
$ wp user update 1 --user_pass=strongpasswordgoeshere
Step 3
Test the new password on the login screen.
WordPress login: Cookie
In some cases, you may not be able to log in due to problems related to cookie. If so, you will usually encounter the following error:
Error: Cookie is blocked or not supported by your browser. You must enable cookie to use WordPress.
Cookie is blocked or does not support errors
WordPress login depends on cookie work. If they are disabled or do not work properly, you may encounter problems on the login page. The first thing to check is whether cookie is enabled in your browser:
- Cookie in Google browser
- Cookie in Mozilla Firefox
- Cookie in Internet Explorer
- Cookie in Safari
We often see this on recently migrated WordPress sites and WordPress multi-site sites. Sometimes simply refreshing your browser and trying to log in again will actually get you out of this error. You can also try to clear the browser cache or open another browser in stealth mode.
If none of the above methods work, you can try it in the wp-config.php file/* That's all, stop editing!...*/Add the following lines before
define('COOKIE_DOMAIN', false);
If it is a WordPress multi-site setting, you may need to check the folder/wp-content/Is there a file in thesunrise.phpAnd rename it tosunrise.php.disabled. this is the file used by the old domain mapping method.
Starting with WordPress 4.5, WordPress Multisite no longer needs plug-ins to map domains.
Summary
Your WordPress login page is the gateway that grants you access to the site. If you cannot log in successfully, you are just a website visitor.
This is why you should learn how to access this critical page so that you don’t waste a lot of time every time you need to log on to the WordPress site.
Want to improve your security a little bit? Use the custom URL of your choice to change the standard WordPress login URL and share the URL only with trusted people! In addition, be sure to review this guide if WordPress keeps logging you out.
(recommended: how to change your WordPress URL)
