It’s not clear if Elisa is attempting to change the login for purposes of hiding the login or just because she wants to redirect her users to a fancier login page.
Apart from the fact that hiding things isn’t typically considered sound security advice, there are things that you can do to help prevent attacks on wp-login, like preventing access to Server Protocol HTTP/1.0. We have a write-up (which you and I have discussed previously) that makes a custom page for user logins. Although bots usually POST to the wp-login page what we describe prevents any GET access to that page and only allows POST. The combination of the two actions mentioned above keeps our fake, brute force and attempted logins to a very, very low amount (less than 5 attempts a month on a 20k per month visitor count). Granted, we have also integrated this entire process with F2B to block the bots at the firewall level.
If Elisa would like to take on a project to create a custom login page I would suggest reading our article on WireFlare: https://wireflare.com/wordpress-login-security-custom-login-page/.
- This reply was modified 20 hours, 44 minutes ago by AITpro Admin.
- This reply was modified 20 hours, 39 minutes ago by AITpro Admin.