According to the ranking of CMS global market share in April 2021, WordPress accounts for 64.7%, far exceeding the 5.4% of Shopify, the second ranking company, and has been the leader for many years.
Its background login address/wp login. php is also well known, which is vulnerable to violent attacks by intentional people and increases the server burden without reason. Therefore, hiding the background login address can avoid some trouble.
Third party plug-in
The simpler way is to install third-party plug-ins, such as WPS Hide Login , Limit Login Attempts Reloaded Etc.
Now let's introduce a method that does not use plug-ins.
Do not use plug-in modification method
Find the functions.php file under the currently used theme directory, add the following code to the end, and save it.
// https://www.mzihen.com/wordpress-hide-login/ add_action('login_enqueue_scripts', 'tb_wp_login_protection'); function tb_wp_login_protection(){ if( ! isset($_GET['yincang']) ){ header( 'Location: ' . home_url() ); exit; } }
Yincang can be changed to the characters you want. After modification, the login address is: your website domain name/wp login. php? yincang, Or: your website domain name/wp admin? yincang。
If it is not the above address, it will automatically jump to the home page of the website.
What about forgetting yincang?
Use the ssh command, ftp or the pagoda panel to view functions.php.
