24 Oct Please Stop Hiding wp-admin
A great post from chriswiegman.com on how you should not be hiding the wp-admin, I happen to agree here. Read on.
Once upon a time the security of a WordPress site could be improved by simply moving the login page. Those were simpler days. The REST API wasn’t part of WordPress core and WordPress itself was a much smaller part of the internet and, as a result, a much smaller target for attackers than it is now. I even wrote one of the better implementations to hide the WordPress login page as part of, first, Better WP Security and later iThemes Security. It made sense at the time when I could see the brute force login attempts drop off considerably on my sites when I employed the feature. Today things are not so simple. Today such a feature is more likely to bring your site down than keep it up. Why?