How to easily prevent Wordpress login attempts

WordPress Admin Login Bot Attacks

I have the unfortunate occurrence of WordPress admin login bot attacks to my login page for a couple of my websites. It’s annoying. Overnight I had approximately 100 attempts by these bots to login to my WordPress admin page.


I use a free version of WordFence to set invalid login attempts to 1 when a wrong password or admin name is used and it locks these bots out for 2 months.

This is an OK solution but in 2 months time I will go through this all again and receive a tonne of emails. I am using the default WordPress Admin login page.

WordPress Admin Login Bot Attacks

This is creating the bot attack issue as it is a well-known login url for WordPress admin access. There is a better way to prevent this from happening.

Create a custom wp-admin login page

There are several methods to creating a custom wp-admin login page, either via the backend and changing some WordPress files or via a WordPress Plugin WPSHide Login.

I am going to take the easy route and use a WordPress plugin. It allows me to change my admin login page to something secret and in the main, undiscoverable. This will prevent the bot attacks as the default wp-admin page will no longer exist. Hopefully this will remove all issues. I’m sure these wp-admin attempts will continue. For now at least I have obscured the WordPress Admin Login page from bot attacks by using a bespoke url for my WP Admin Login.