Being hacked sucks. Your beautiful website is suddenly black, with big red writing saying terrifying things, and an ugly little man in the middle making rude gestures. It makes your stomach sink as fear kicks in – who would do this? What am I going to do?

It’s nothing personal, it happens. But you want to do everything in your power to prevent it, right?

An important step in combatting hackers is to change your login address away from Most WordPress sites use wp-admin or wp-login, so it’s one of the first places hackers start. You can easily take away that option.

Log into your WordPress dashboard.

If you have attended one of my workshops you’ll have the ‘All in One WP Security’ plugin installed. Or you might have it anyway. If not, install it now.


[EDIT – Don’t do this if you already have another security plugin installed. In that case you need to do some more research – does it offer the same option?]

Hover over WP Security and select Brute Force.
All in One WP Security Brute Force
Then select the Cookie Based Brute Force Prevention tab.
Cookie Based Brute Force Prevention
Tick the box to Enable Brute Force Attack Prevention. Input your own special secret word, ensuring you use both letters and numbers. In the example below I used S3cr3tW0rD, but you should use something different. Click Save Feature Settings.
Secret Word

Once you’ve saved you’ll see a new message up the top, giving you your new secret login address. Ensure you copy and paste your new login address into wherever you keep your login details.

Secret Login
That’s it! From now on use your new secret login address whenever you update your site.