Is it safe to rename "wp-login.php" temporarily after logging in?

  • Hello,

    If our blog is under brute force attack or if someone is trying to login using bots… then is it safe to manually rename example.com/wp-login.php to something like example.com/wp-login_uhsdkjahs.php so that example.com/wp-login.php shows a 404 error.

    I hope.. it’s fine if we are doing this after logging in.. so that in case we’re logged out we can rename backt o wp-login using FTP. So I want to confirm whether this wp-login file is required for the functioning of wordpress (for admin or for visitors).

    Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)

  • It seems somewhat cumbersome to keep doing this. If you are under attack, have you considered using Cloudflare?

    Great idea Mahesh. I think you should experiment this by making one new website of wordpress. Just you need to do is upload with a theme, no need of adding content or so.

    Thread Starter Mahesh Mohan

    (@maheshone)

    Yes @nancie,

    I tried this on a test blog and I was able to browse the website as usual… The example.com/wp-login.php address retruned a 404 error as expected..

    but was wondering whether I missed something.. because almost all tutorials were recommending using some plugins or tweaking .htaccess file. So I was confused whether it’s the perfect solution or not.

    Thread Starter Mahesh Mohan

    (@maheshone)

    Hi @esmi,

    No, I didn’t try Cloudflare… the interesting thing is.. I was already using Google CDN at that time (Google PageSpeed Service)… but had to disable it because last time according to HostGator the issue was caused by Google CDN.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Is it safe to rename "wp-login.php" temporarily after logging in?’ is closed to new replies.