Your WordPress dashboard is the primary admin area where you build and manage your WordPress website.
Beginners often have problems finding the login link to their WordPress dashboard, which prevents them from working on their website.
How can I login to my WordPress dashboard?
By default, WordPress has several suffixes you can use in the website URL to access your WordPress dashboard.
Here are some examples:
All these URLs take you to the WordPress dashboard login page and are based on redirects.
If for some reason these don’t work, you can try an alternative URL:
Make sure to replace example.com with your domain name.
The same goes if you install WordPress in a subdirectory:
Or on a subdomain:
Once logged in, WordPress redirects you to the admin area located in the wp-admin folder.
I can’t remember these URLs!
No problem, you don’t need to! You can bookmark the WordPress login URL in your browser bookmark toolbar, or you can add the login link directly to your website in the sidebar, header, footer or menu.
There are two ways to add the login link to your website:
Head to Appearance > Menus in your WordPress dashboard, expand the Custom Links option on the left.
Fill in your Dashboard URL and Link Text and click Add to Menu:
Click Save Menu on the right to save changes.
That’s it! Your login link will then appear in your website’s menu:
The second option is to use the Meta widget on your website. This widget adds all sorts of information to your website – login page, link to WordPress.org website, link to RSS feed, link to comments feeds, etc.
Head to Appearance > Widgets, and drag the Meta widget to your site’s sidebar or a widget-ready area (depending on your theme):
Fill in the title, and click Save to save changes.
Refresh your website, and you’ll see the meta widget with the Site Admin login link in your sidebar:
Bypassing the WordPress login page
If you don’t want to fill in login details every time, you can use the WordPress Remember Me feature.
Head to your login page, fill in your login details and tick the Remember Me box:
Once you log in, WordPress won’t prompt you to login again for the next 14 days (if you don’t play with your browser cookies setting).
If you can’t remember to check this box each time you log in, you can use the free Remember Me plugin, which will automatically check this box for you.
Changing the WordPress login page
As you have learned previously, the default WordPress login URL suffixes are always the same, which makes it easy to remember and bookmark but vulnerable to hackers and malicious attackers to find the front door to your website.
Using a strong password for your admin user helps, but it’s also a good idea to make things even harder for hackers by changing the login page link (suffix).
This can help tremendously to fight off the random hacks, attacks, and brute-force attempts.
Brute-force attacks are hacking attempts where hackers try to repeatedly figure out your username and password, using lists of standard usernames and passwords that may have leaked on the web.
They perform thousands of login combinations using scripts (bots) that automate all of these attempts. Either your username or password may be in one of these leaked lists, so when you add the default login URL to the combination – you’re making it easy for hackers to try and break into your website.
So, how can we change the default login URL?
WPS Hide Login plugin
Easy! We’ll use a WordPress plugin called WPS Hide Login.
This plugin is entirely free, it’s lightweight and it doesn’t change any core WordPress files (this is a good thing).
Log in to your WordPress dashboard, head to Plugins > Add New, fill in WPS Hide Login in the top-right search bar and click Install Now:
Once installed, click Activate to activate the plugin:
Head to Settings > WPS Hide Login, and fill in your new login URL and the redirection URL (a page where a user that doesn’t know the correct login URL is redirected to):
Click Save Changes to save the changes.
IMPORTANT: Once you click Save Changes – the old login URLs will no longer work, and the new login URL will come to effect. Make sure to remember or bookmark the new login URL.
If you experience any issues – you can either deactivate the plugin or delete it via FTP.
Beefing up your WordPress website security
In addition to changing the default WordPress Dashboard login URL, it’s a good idea to limit the number of attempts hackers can execute on your login page.
To limit login attempts to your WordPress dashboard, we recommend another free plugin called Limit Login Attempts Reloaded.
This plugin will stop hackers from endlessly trying to guess your admin login details.
Install and activate the plugin using the steps outlined previously, and head to Settings > Limit Login Attempts.
Click the Settings tab to configure the plugin.
Here you can configure how strict you want this plugin to be. You can use the default settings as they’re okay, or you can customize the rules.
Here’s a quick breakdown of the available settings:
- Notify on lockout – send you an email after X failed attempts of login to your WordPress dashboard
- Allowed retries – number of attempts a single IP address can make before they’re locked out
- Minutes lockout – how long the IP address is blocked from attempting logins again
- Lockouts increase – how long the IP address is blocked if it has failed attempts repeatedly
- Hours until retries – how long until the block is fully reset for an IP address
We recommend changing your WordPress dashboard login URL and adding another layer of security by limiting the number of repeated login attempts.
These two security steps will help keep your website safe and give you peace of mind for your WordPress website’s security.