What's the correct way to hide/prevent access to wp-admin

Jaypee · Feb 9, 2012 · Viewed 8.2k times

I've been dealing with this matter for a while. I have read a ton of articles and stuff out there, but I couldn't find a place that shows the RIGHT way (standard, correct, whatever you like to call it) to prevent access to my wp-admin or wp-login.php.

On all WordPress sites I see (the well-made ones), you will never see anything if you type thesite.com/wp-admin.

As far as I could see, one way to do this is by restricting access to that folder by creating an .htaccess file and restricting access to the folder by IP. It seems to be the "cleanest" way to do it. What I'm not sure about is that I have a dynamic address provided by my ISP, so at some point my IP will change, which will force me to also change the .htaccess to my new address; I don't see that as practical. I can also set a range, but by doing that I will also authorize access for all people within that range of IPs (other clients of my ISP, for example).

I'm then struggling to find the best/standard way to do this.

Can anyone help me?

Thanks

Answer

Pekka · Feb 9, 2012

From this Codex discussion - this blog article claims to provide a solution for renaming wp-admin. I haven't tested it, but it does seem to have worked for people.

However,

This hack has its drawbacks.

  • The “edit” link on your posts will no longer work. You may want to remove it from your theme.
  • The admin link on your side bar will no longer work. You may want to remove it from your theme.
  • The standard login link will no longer work. Instead, use a bookmark as it will redirect you back to your hidden login page after you finish logging in.

As an alternative, there's also the option of adding an Apache .htaccess password dialog on top of the wp-admin login. That won't hide it, but it will provide another (albeit annoying) layer of security.

I'm not aware of a good .htaccess way to limit access IP-wise if you have a dynamic IP, or want to access the site from different networks.
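
The password-dialog alternative mentioned in the answer, written out as an added example (not code from the original post or the linked blog article). It assumes Apache 2.4 with `AllowOverride AuthConfig` enabled for the site; the password file path `/home/example/.htpasswd-wpadmin` and the address `203.0.113.10` are placeholders. The `RequireAny` block also covers the dynamic-IP concern from the question: a known address skips the dialog, and any other address can still get in with the password.

```apache
# ---- File 1: wp-admin/.htaccess (constructed example) ----
AuthType Basic
AuthName "Restricted area"
# Placeholder path. Keep the file outside the web root and create it with:
#   htpasswd -c /home/example/.htpasswd-wpadmin someuser
AuthUserFile /home/example/.htpasswd-wpadmin

# Access is granted if EITHER rule matches:
#  - the request comes from a trusted address (placeholder IP), or
#  - the visitor supplies a valid username/password.
# When the ISP hands out a new address, the password path still works,
# so the file does not have to be edited on every IP change.
<RequireAny>
    Require ip 203.0.113.10
    Require valid-user
</RequireAny>

# Themes and plugins call admin-ajax.php from the public front end.
# Leave it open, or anonymous visitors get the password dialog.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File 2: .htaccess in the site root (constructed example) ----
# wp-login.php lives outside wp-admin, so it needs its own rule.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted area"
    AuthUserFile /home/example/.htpasswd-wpadmin
    <RequireAny>
        Require ip 203.0.113.10
        Require valid-user
    </RequireAny>
</Files>
```

Basic authentication sends the credentials with every request in an easily decoded form, so serve the site over HTTPS when using this.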