I’m not sure why WordPress doesn’t allow you to change the URL for the admin and login pages, but they don’t. It seems to me that putting define ( ‘ADMIN_PATH’, ‘/wp-admin/’ ); in wp-config would be an easy and a good fix–but for whatever reason, they don’t and we are stuck with a security hole.
I will first review the methods that currently exist as workarounds to this problem that we shouldn’t have in the first place, and then will go on to detail my method which I hope is a little easier to setup and maintain.
» Read more: Securing WordPress: A passive method for preventing unauthorized requests to wp-admin and wp-login.php
