Default WP-admin URLs are known publicly:
domain.tld/admin
domain.tld/wp-admin
domain.tld/login
domain.tld/wp-login
So keeping them unprotected might be dangerous as login attempts can be made by anyone.
For this reason we highly recommend changing the URL to something unique or even protecting the existing URL. That can be done with the help of these methods:
Method 1 - Changing WP admin URL
The easiest and fastest way to protect your admin URL is to change it. You can do it easily by using a free plugin like WPS Hide Login.
NOTE:
Once you set a new URL and save the changes, the login URL will change instantly, so make sure to save it somewhere safe
If you encounter issues logging in after enabling a plugin, check out this article: How to disable WordPress plugins without access to the admin page?
Method 2 - Password protection
Another method of securing your admin dashboard URL is via Password protect feature. All you would need to do is set up a password for your /wp-admin directory - so before opening your admin URL and being able to insert credentials, visitors would be asked to insert one more password, defined by you. In hPanel, it can be done in a matter of a few clicks.
Method 3 - IP block
Lastly, you can block any unwanted IP addresses from accessing your website altogether, thus securing it to the maximum. There are 2 options: blocking some suspicious IPs and allowing access to everyone else - or blocking access to everyone except a list of IPs (like your IP address). Keep in mind that you need a static IP for this - if your IP changes, you would need access to your hosting or website files to remove the block. If this option is suitable for you, you can create IP blocking in hPanel.
That's it! Now you know how to protect your WP-admin URL 😊
NOTE: