WordPress is a free and open-source content management system (CMS) written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, which allow users to customize their websites without having to write code.

WordPress was created as a blog-publishing system, but it has since evolved to support other types of websites, including personal portfolios, small business websites, and e-commerce stores.

By default, WordPress uses the wp-login.php and wp-admin.php pages for users to log in to your website and access the WordPress dashboard, respectively. However, if you want to increase the security of your WordPress site, you may want to disable these pages and redirect users to your homepage instead.

Disabling wp-login.php and wp-admin.php

To disable the wp-login.php and wp-admin.php pages, you can add the following code to your website’s .htaccess file:

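Code snippet:

RewriteEngine On
RewriteRule ^wp-login\.php$ - [F]
RewriteRule ^wp-admin$ - [F]
RewriteRule ^wp-admin/ - [F]

This code tells your web server to answer all requests for wp-login.php, wp-admin, and anything under wp-admin/ with a 403 Forbidden response instead of serving the page. The dash means the URL is left unchanged, and the F flag is what refuses the request; a dash with only the L flag would let the request through untouched. This will prevent users from being able to log in to your website or access the WordPress dashboard.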

Redirecting to Homepage

To redirect users to your homepage instead of the blank page, you can add the following code to your website’s .htaccess file:

Code snippet:

RewriteEngine On
RewriteRule ^wp-login\.php$ https://www.example.com [R=301,L]
RewriteRule ^wp-admin$ https://www.example.com [R=301,L]
RewriteRule ^wp-admin/ https://www.example.com [R=301,L]

This code tells your web server to redirect all requests for wp-login.php, wp-admin, and anything under wp-admin/ to your homepage. Replace https://www.example.com with your own site's address.


Note: Disabling the wp-login.php and wp-admin.php pages and redirecting users to your homepage will make it more difficult for unauthorized users to access your WordPress site. However, it is important to note that these pages are not the only way to access your WordPress dashboard. If a determined attacker knows your username and password, they may still be able to log in to your site using other methods.

Redirecting in functions.php

To redirect the wp-login.php and wp-admin.php pages without breaking the logout and lost-password features, you need to add the following code to your theme’s functions.php file:

add_action('init', 'custom_login');
function custom_login() {
 global $pagenow;
 //  URL for the homepage. You can set this to the URL of any page you wish to redirect to.
 $blogHomePage = get_bloginfo('url');
 //  Read the requested action safely; it is not set on a plain wp-login.php request.
 $action = isset($_GET['action']) ? $_GET['action'] : '';
 //  Redirect to the homepage if this is the login page. Skip the redirect when the
 //  page is called to log out or for the lost-password feature.
 if ('wp-login.php' === $pagenow && 'logout' !== $action && 'lostpassword' !== $action) {
     wp_redirect($blogHomePage);
     exit();
 }
}
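
The following is an added example, not code from the original article: a small Python model that shows which requests the .htaccess patterns match and which ones the functions.php check redirects. It assumes WordPress is installed at the site root and approximates $pagenow as the last path segment; the function names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Patterns copied from the article's .htaccess rules.
HTACCESS_PATTERNS = [r"^wp-login\.php$", r"^wp-admin$", r"^wp-admin/"]
# Actions the article's functions.php check lets through.
ALLOWED_ACTIONS = {"logout", "lostpassword"}


def htaccess_matches(url):
    """True if one of the .htaccess rules matches this URL.

    In .htaccess context a RewriteRule pattern is tested against the URL
    path without its leading slash and without the query string.
    """
    path = urlsplit(url).path.lstrip("/")
    return any(re.search(p, path) for p in HTACCESS_PATTERNS)


def functions_php_redirects(url):
    """True if the functions.php check would send this URL to the homepage."""
    parts = urlsplit(url)
    pagenow = parts.path.rsplit("/", 1)[-1]  # assumption: stands in for $pagenow
    action = parse_qs(parts.query).get("action", [""])[0]
    return pagenow == "wp-login.php" and action not in ALLOWED_ACTIONS


# Constructed sample requests for a site at https://www.example.com/.
SAMPLE_URLS = [
    "https://www.example.com/wp-login.php",
    "https://www.example.com/wp-login.php?action=logout",
    "https://www.example.com/wp-login.php?action=lostpassword",
    "https://www.example.com/wp-admin/",
    "https://www.example.com/wp-admin/admin-ajax.php",
    "https://www.example.com/blog/hello-world/",
]


def compare(urls=SAMPLE_URLS):
    """Map each URL to (matched by .htaccess, redirected by functions.php)."""
    return {u: (htaccess_matches(u), functions_php_redirects(u)) for u in urls}


if __name__ == "__main__":
    for url, (ht, fn) in compare().items():
        print(f"{url:58} htaccess={ht!s:5} functions.php={fn}")
```

Because the .htaccess patterns never see the query string, they also match the logout and lost-password links, and the wp-admin/ pattern matches admin-ajax.php, which some themes and plugins call from the public site.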

Additional Security Measures

In addition to disabling the wp-login.php and wp-admin.php pages and redirecting users to your homepage, you can take additional security measures to protect your WordPress site. These measures include:

  • Using a strong password for your WordPress administrator account.
  • Enabling two-factor authentication for your WordPress administrator account.
  • Installing a security plugin for WordPress.
  • Keeping your WordPress software up to date.

By taking these steps, you can help to keep your WordPress site safe from unauthorized access.
