This morning I have had a client ask whether it’s a smart idea to rename site/wp-admin to site/wp-custom for enhanced security.
I know the Bedrock template improves security but does it does something in particular that makes renaming wp-admin redundant?
I personally don’t see any benefit by renaming the
wp-admin-slug – and that would prove pretty ‘hacky’ as well I guess, so IMHO, stay away from that.
What Bedrock does:
Isolated web root to limit access to non-web files and more secure passwords through wp-password-bcrypt.
Other than that there are a plethora of other settings to actually harden security, just to name a few:
- Enable 2FA (f.ex. via this plugin)
- Limit the login attempts & block suspicious IPs
- Stay up to date…!
Also see Hardening WordPress in the WP-Codex.
Is renaming wp-admin a waste of time?
Pretty much yes, it’s just security through obscurity. People love it for some reason, but at the end of the day it’s pointless.
Thank you. I’ve been using Wordfence since forever. I feel this is enough.