Especially for WordPress beginners, but also for advanced users, it can often be difficult to log in to your account. In the following article, I will give you the basics of the WordPress login and admin area, as well as other important tips that should be highlighted regarding the login process and access data.
Table of Contents
WordPress Login – First things first
Working with WordPress begins with the installation—if you choose to do it yourself. Once the installation is complete, you will receive your login details for the admin dashboard of your WordPress website. There, you can set up, modify, and customize your website according to your preferences.
However, if you no longer have access to your WordPress dashboard, you will of course no longer be able to manage your website. The login page prevents unauthorized persons from accessing the admin area of the WordPress site.
But where exactly is the access point for this WordPress login page?
How to find your WordPress login URL
Regardless of what you expected, finding the WordPress login page is quite easy and straightforward. Just add /admin/ or /login/ to the end of your domain (e.g., wordpress.org/admin/). WordPress will then automatically redirect you to the correct login page. If this method doesn't work, there's another way: simply enter /wp-login.php at the end of the domain, which will take you directly to the WordPress login page.
How do I find the WordPress login URL in a subdomain or subdirectory?
So far, everything mentioned above has been for a normal installation or reinstallation of WordPress. However, you may have installed WordPress in a subdirectory or on a subdomain, for example. In this case, the process is slightly different and the admin dashboard is located in a subdirectory.
If this is the case for you, you need to append one of the paths mentioned (e.g., /login/) to the subdirectory or subdomain. For example, if your URL is https://wpcoders.yxz/wordpress, simply append /login/, /admin/, or /wp-login.php to the end. In any case, what I mentioned above should happen again – the new URL should redirect you to the WordPress login page.
Save WordPress login URL as a bookmark
Some people can remember their WordPress login URL, while others may forget it. My recommendation is to bookmark this URL right at the beginning so you don't have to search for it later.
Another trick to avoid having to enter your username and password every time is to select the "Remember me" option when logging in. This will keep you logged in for a few days.
How to change the WordPress login URL
In principle, WordPress is a secure CMS, and with the right hosting, you also get additional protection. Unfortunately, the reality is often different, and the WordPress login page is a popular place for hackers to gain access to your admin dashboard.
In addition to a strong password, which should be unique and particularly long, there are other methods of protecting your login page, such as simply moving it. Since, of course, anyone can access the login page using the tricks mentioned above in standard installations, it is also easy to access pages with very simple passwords. Hackers like to use "brute force attacks" here.
What are brute force attacks?
Brute force attacks are essentially just hacking attempts. This is when someone with malicious intent tries to obtain your username and password. The person uses a list of common usernames and passwords to easily guess your data. Using this data and a script, they automatically try thousands of combinations in an attempt to gain access to the WordPress dashboard.
Nowadays, there is unfortunately a very high probability that your username or WordPress password is on such a list. Furthermore, the WordPress login URL is public knowledge.
In addition to a secure password, you may want to consider moving your "login page" to a different URL or even protecting it with Cloudflare.
Change the WordPress login page using a plugin
One of the most popular WordPress plugins for moving the login page is definitely WPS Hide Login, which is installed on more than a million sites. The plugin itself is free and is regularly maintained.
The great thing about WPS Hide Login for users is that you don't have to change or move a single file. If something doesn't work, you can simply rename the plugin on the server to temporarily disable it.
After activating the plugin, simply enter your desired URL in the settings. It is best to choose something that does not contain words such as "login" or "admin." After saving, you may need to log in again. It is important that you remember the new login URL.
Unfortunately, it's always a cat-and-mouse game with hackers, which is why this solution is no obstacle for skilled attackers. In addition to the possibility of hackers gaining access to your WordPress dashboard, your server will also be affected by a brute force attack. This means that the resources that should actually be used for website visitors are claimed by the hacker.
Here, you should rely on good WordPress hosting or a service such as Cloudflare, which keeps an eye on hackers long before they reach the login page and blocks their attacks.
If this is not an option for you, we have two more tips.
Customizing the .htaccess file for enhanced security
There are many other technical ways to change (or even hide) the URL of your WordPress login page. One of them is to edit the .htaccess file.
This file defines rules, such as whether permalinks are descriptive, and makes system-wide settings. There are two ways to hide the login page. First, the login page can be easily protected with a password (.htpasswd), which means that everyone who visits the page must enter a password before they can even enter their actual login details.
Another method works with the IP address. Here, you add trusted addresses that are allowed to access the login page to the .htaccess file. Normally, this is your own IP address. With this option, however, you must bear in mind that access will not be possible from mobile networks or from restaurants, cafés, and hotels unless you have added their IP addresses.
Limit the number of login attempts with a plugin
If you want to keep your login page as it is, you can use a plugin to limit the number of login attempts.
Thanks to Limit Login Attempts Reloaded, the attacker's IP address is blocked if too many failed attempts are made. Incidentally, a popular number of possible attempts is 4-6, because we also like to make mistakes when logging in and don't want to be blocked right away.
My tip: Don't set the block to "forever." Half an hour is perfectly sufficient and will also be automatically extended for IP addresses that have already been blocked if they have made too many login attempts again (keyword: brute force attacks).
Common problems that can occur when logging into WordPress
Normally, logging in to WordPress works without any problems. Unfortunately, however, there are occasionally problems caused by configurations or plugins, which prevent users from logging in. The most common problems include the following:
- Password issues
- Problems with cookies
I will explain what these are and how you can eliminate these problems below.
Forgot your WordPress password – what now?
If you are unable to log in to your WordPress dashboard, it is often due to the information you entered during registration.
First, check whether you may have simply mistyped it, which happens to me regularly. If this is not the reason, you can easily reset your password.
Simply click on "Forgot your password?" and you will be redirected to a special page.
Here you can enter either your username or your email address. If either of these is correct, an email will be sent to your inbox. Click on the link in this email and create a new secure password.
Resetting the WordPress password via the phpMyAdmin database
If you don't receive an email or your user cannot be found, you will have no choice but to change your password via the database. If you have no experience with the WordPress database, we recommend that you have a developer do this for you.
For those who already have experience working with MySQL databases, you can access the phpMyAdmin console through your self-hosting provider. However, before making any changes here, you should definitely back up your database.
How to reset your password in the WordPress database
- Log in to phpMyAdmin using the access data provided by your hosting provider.
- On the left side, click on the database and then on the wp_users table.
- All users who have an account on this WordPress site will now appear there. Find your username and click on "Edit."
- You can now enter your new password in the user_pass column. Once you have entered it, select the "MD5" encryption method from the drop-down menu and save your entries.
- Done! Your new password should now work for logging into the WordPress backend.
Reset your WordPress password with WP-CLI
Another option, which is often only used by developers, is to use WP-CLI (command line interface for WordPress).
To do this, you need to access your server via SSH. Once you are in the command line, proceed as follows:
- List all users with the following command: $ wp user list
- Now enter the following command, which contains the user ID and the desired new password at the beginning: $ wp user update 1 –user_pass=newstrongpassword
- Test the newly created password.
WordPress login problems due to cookies
It's not always an incorrect password that prevents you or other users from logging in; sometimes it's those pesky cookies. In this case, you will see the following error message:
Error: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.
What if cookies are blocked or not supported?
To log in to WordPress, cookies are required to store your successful login. This means you don't have to log in again every time you change pages, which would be annoying.
If you are having trouble logging in and the error message shown above appears, you should check whether cookies are enabled in your browser.
Another option is to clear your browser cache. Alternatively, you can simply try opening another browser in incognito mode.
If none of this helps, simply add the following lines to your wp-config.php file: /define('COOKIE_DOMAIN', false);
If your site is a multisite, you should look for the sunrise.php file in the /wp-content/ folder. If it exists, rename it to sunrise.php.disabled.
Conclusion on WordPress login
Whether you're new to WordPress or already an experienced administrator, we all use the WordPress login. For standard installations, the login URL is domain.com/wp-login.php, unless you've moved it to another location for security reasons.
To ensure your login is secure, it is important to have a strong password and a good host that protects you from attackers before they even reach your site.
Thanks to numerous plugins such asLimit Login Attempts ReloadedorWPS Hide Login, you alsohavethe option of changing your login URL and limiting the number of login attempts on your WordPress site.
in Switzerland