Is renaming wp-admin a waste of time?

This morning I have had a client ask whether it’s a smart idea to rename site/wp-admin to site/wp-custom for enhanced security.

I know the Bedrock template improves security, but does it do something in particular that makes renaming wp-admin redundant?

I personally don’t see any benefit by renaming the wp-admin-slug – and that would prove pretty ‘hacky’ as well I guess, so IMHO, stay away from that.

What Bedrock does:

Isolated web root to limit access to non-web files and more secure passwords through wp-password-bcrypt.

Other than that there are a plethora of other settings to actually harden security, just to name a few:

  • Enable 2FA (f.ex. via this plugin)
  • Limit the login attempts & block suspicious IPs
  • Stay up to date…!

Also see Hardening WordPress in the WP-Codex.


Is renaming wp-admin a waste of time?

Pretty much yes, it’s just security through obscurity. People love it for some reason, but at the end of the day it’s pointless.

Thank you. I’ve been using Wordfence since forever. I feel this is enough.