I've always likened changing the "security through obscurity" as equivalent to locking your front door, and hiding the key under the doormat in the hopes nobody thinks to look there. It might stop some amateur hackers, but the experienced ones will still know how to find that key. This is what makes it an often useless security strategy because, unless you've taken steps to secure the rest of your site, it might only buy you a few more minutes before they're in.
The reasons to avoid changing the WP login URL given in this video are not valid at all. Theme problems? Plug-in vulnerabilities? Those are things that must be addressed anyways in the first place. Security though obscurity is one of the strategies to weed out potential hackers. Are they going to look for other ways to execute the cyberattack? Of course they will look for other ways but at least you are going to cut the lower hanging fruit beforehand. Your example is more like not buying a safe to store your valuable items at home because all thieves know that homes have safe boxes. In conclusion, there is nothing wrong with making things more difficult for hackers.
@@runningfree4606 I'm not saying that these shouldn't be fixed. They of course should be. But my point still stands. If you're not taking security seriously and doing things properly, then security by obscurity isn't going to help you. They'll find their way in because your site will have more security holes than a Swiss cheese factory. At most, you can expect an experienced hacker to be delayed by mere minutes. If you are taking security seriously, then security by obscurity probably isn't adding much because you will have probably already dealt with anything that could be used to compromise your site.
@@runningfree4606 I agree with you "but at least you are going to cut the lower hanging fruit beforehand" to me it will make it even more difficult for attackers
It's not equivalent to locking your front door, and hiding the key under the doormat. It's equivalent to locking your front door and painting the door like a wall so hackers can't find it. The key stays with you.
Ok, so what do you recommend as the best practice to enable users to login to Wordpress in another location other than the WP default one? For example I would like the users to be able to login through a pop up that appears after clicking the login/signup button? Or do the same on the separate page as the login location? Thank you in advance for your answer.
lol my brute force attacks when from 23 per day to zero after I change my URL. So why take a risk at all. Even the IP gets blocked the attacker has endless options with a VPN.
"We don't support it, therefore it's a bad idea..." Recommending the country code filter in the premium package is unrelated to using a custom url - they are two different risk areas.
I've always likened changing the "security through obscurity" as equivalent to locking your front door, and hiding the key under the doormat in the hopes nobody thinks to look there. It might stop some amateur hackers, but the experienced ones will still know how to find that key. This is what makes it an often useless security strategy because, unless you've taken steps to secure the rest of your site, it might only buy you a few more minutes before they're in.
The reasons to avoid changing the WP login URL given in this video are not valid at all. Theme problems? Plug-in vulnerabilities? Those are things that must be addressed anyways in the first place. Security though obscurity is one of the strategies to weed out potential hackers. Are they going to look for other ways to execute the cyberattack? Of course they will look for other ways but at least you are going to cut the lower hanging fruit beforehand.
Your example is more like not buying a safe to store your valuable items at home because all thieves know that homes have safe boxes.
In conclusion, there is nothing wrong with making things more difficult for hackers.
@@runningfree4606 I'm not saying that these shouldn't be fixed. They of course should be.
But my point still stands. If you're not taking security seriously and doing things properly, then security by obscurity isn't going to help you. They'll find their way in because your site will have more security holes than a Swiss cheese factory. At most, you can expect an experienced hacker to be delayed by mere minutes. If you are taking security seriously, then security by obscurity probably isn't adding much because you will have probably already dealt with anything that could be used to compromise your site.
@@runningfree4606 I agree with you "but at least you are going to cut the lower hanging fruit beforehand" to me it will make it even more difficult for attackers
@@runningfree4606 I've never faced any issues with theme or plugin due to the admin login URL being changed. The customer login is separate anyways.
It's not equivalent to locking your front door, and hiding the key under the doormat. It's equivalent to locking your front door and painting the door like a wall so hackers can't find it. The key stays with you.
Great Wordpress security tutorila!
Glad it helped!
Ok, so what do you recommend as the best practice to enable users to login to Wordpress in another location other than the WP default one? For example I would like the users to be able to login through a pop up that appears after clicking the login/signup button? Or do the same on the separate page as the login location?
Thank you in advance for your answer.
Please reach out to us on the free support forum at bit.ly/36ybpyu or in our Premium ticketing system at bit.ly/2pNegmK for help with this.
lol my brute force attacks when from 23 per day to zero after I change my URL. So why take a risk at all. Even the IP gets blocked the attacker has endless options with a VPN.
The video explains why it is not recommended to do this.
Thanks for this security information. Wordfence is a great tool for keeping WP secure and I recommend it to everyone.
Thanks for sharing!
"We don't support it, therefore it's a bad idea..."
Recommending the country code filter in the premium package is unrelated to using a custom url - they are two different risk areas.
Please reach out to us on the free support forum at bit.ly/36ybpyu or in our Premium ticketing system at bit.ly/2pNegmK for help with this.
WordFence's ui is too messy imo. If they'd clean it up and make it more user friendly I'd probably switch to it.
You can send feedback to feedback@wordfence.com if you would like to.
at the end of the game..... PAAAAAAAY!! obviusly
for sure - if you want a good product, you should pay. everything else would be nonsense.
🤘 🄿🅁🄾🄼🄾🅂🄼