Today, Lao Zuo encountered a netizen who suggested that the website access speed was relatively slow, and then informed the log that his website WordPress default login address wp-login.php had been crawled all the time. Because the background account information had been cracked, the database resources were occupied and the website resource bandwidth was insufficient, and the access was reduced.
When encountering such problems, we can first mask the captured IP address, and second, we can modify and mask the default login address of WordPress. Of course, plug-ins are also used to directly restrict background login addresses from accessing specific IP addresses. However, this method may lead to changes in our own IP address access, making it impossible to log in. Therefore, we can use the best method to modify the default login address.
First, login article renaming
1. Change the file name of wp-login.php in the root directory of the wordpress program website to laobuluo.php or the name we set ourselves. Then we change all the characters wp-login.php appearing in this file to laobuluo.php
2. Find the wp-includes/general template. php file in the root directory, except the code line 238
$login_ url = site_ url('wp-login.php', 'login');
At the same time, we also need to replace the wp-login.php in this file with laobuluo.php. Note that the original file needs to be overwritten and saved after the modification
3. At the same time, we are also willing to use the Limit Login Attempts plug-in to lock the IP after setting the number of consecutive login errors.
Second, do not understand the modification of built-in files
In the above file, whether we modify to the WP system file is troublesome.
//Modify WP background login address laozuo.org
function login_ protection(){
if($_GET['newlogin'] != 'laozuo')header('Location: https://www.laobuluo.com/ ');
}
add_ action('login_enqueue_scripts','login_protection');
Add to the Functions.php file of the current theme.
You must open http://our website address/wp login. php? Newlogin=laozuo, the login page will be opened, otherwise, it will automatically jump to the home page.
In this way, these two methods can modify the default login address of WordPress. Let's choose one. Here is a small problem. If we choose the second one, if we use cache, we may have an error after logging in. But at this time, we may have logged in. In fact, we can log in to the background by directly opening http://our website address/wp admin.
Scan the code to follow the official account
Get more news about webmaster circle!
Entrepreneurship, operation and new knowledge
