Title: Hide Login Path Last modified: August 21, 2016 --- # Hide Login Path * [poijkl](https://wordpress.org/support/users/poijkl/) * (@poijkl) * [13 years, 2 months ago](https://wordpress.org/support/topic/hide-login-path/) * Hi, * I’ve recently installed wordfence and I get email notifications when someone exceeds the number of login attempts and gets locked out. I thought I would rarely get this, but I’ve gotten 4 lock outs in the past 2 days. I block the ip’s, but the ip’s seem to be from foreign countries. Is this normal? * Also, are there any plugins that’ll let me hide wp-admin and wp-login to a different path? Or anything else you guys recommend to help me with this issue. Viewing 2 replies - 1 through 2 (of 2 total) * [leejosepho](https://wordpress.org/support/users/leejosepho/) * (@leejosepho) * [13 years, 2 months ago](https://wordpress.org/support/topic/hide-login-path/#post-3644141) * > I block the ip’s, but the ip’s seem to be from foreign countries. Is this normal? * Yes, and blocking a country for a while seems to send the hackers elsewhere. * I believe there are things you could do in `.htaccess` to block access, but you would first want/need a dedicated IP to allow for yourself. * Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/) * (@bcworkz) * [13 years, 2 months ago](https://wordpress.org/support/topic/hide-login-path/#post-3644181) * If you need random users to be able to login, effective IP blocking will depend on the distribution of your legitimate user base. Realistically, limited login attempts and lockouts combined with a really strong password is more than adequate defense. * Even though I believe security by obscurity is an oxymoron, not having an ‘admin’ user has completely stymied all such hack attempts so far. Still, I believe hiding the login and admin paths is a wasted effort. In my experience, blocking a worldwide botnet has not yet resulted in the hacker controlling it going away. Going on 5 months now, he is still hammering away uselessly at my site. What a moron! * If you only need access for a limited few, a dedicated IP is not necessarily required, though it makes things much easier. I personally have whitelisted the entire IP range allocated to my ISP using CIDR notation in .htaccess (`Allow from 123.123.0.0/18` for example). Since no hackers so far use my ISP, the worldwide botnet is completely blocked even though I do not have a static IP, and yet I login without apparent restriction. If I do use a different ISP occasionally, it takes about a minute to temporarily add my current IP to the whitelist via FTP. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Hide Login Path’ is closed to new replies. ## Tags * [hide](https://wordpress.org/support/topic-tag/hide/) * [login](https://wordpress.org/support/topic-tag/login/) * [path](https://wordpress.org/support/topic-tag/path/) * [wp-admin](https://wordpress.org/support/topic-tag/wp-admin/) * In: [Hacks](https://wordpress.org/support/forum/plugins-and-hacks/hacks/) * 2 replies * 3 participants * Last reply from: [bcworkz](https://wordpress.org/support/users/bcworkz/) * Last activity: [13 years, 2 months ago](https://wordpress.org/support/topic/hide-login-path/#post-3644181) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics