How to Secure your WordPress login page :-
Hackers are always trying to do brute-force attack on your WordPress login page to hack your site.
A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.
Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server’s memory and performance.
Today i am going to show you How to Secure your WordPress login page ?
1. Stealth Login Page
Protect your dashboard with a game-changing authorization code. The login form will never be the same again.
What it does :-
Without locking down access via IP address or file permissions, this plugin creates a secret login authorizaiton code. Those who do not enter this additional authorization will be automatcally redirected to a customizable URL.
This is the first plugin that blocks external bot login requests – login requests must comply with the full login sequence or the request is rejected.
Download and install this plugin, Now go to the Settings > enable the Stealth mode and enter you authorization code and enter the URL address when any one fails to login, they will redirect to your given URL address.
now on your login page. you will find the authorization code option.
2. Login LockDown
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
Download Now and install the Login Lock Down . now go to the Setting and click on the Login Lock down option and update your settings.
now on the login page you will find the login form protected by Login LockDown.
3. Cookie based brute Force Login Prevention with All In One WP Security
All in one WP security firewall is comes with the Cookie based brute Force Login Prevention, that will help you to make you wp-admin as a secret page. instead of www.yourwebsite.com/wp-admin , you can login with the www.yourwebsite.com/?yoursecretcode=1 , that will make your admin page completely hidden for hacker.
Download and install the All In One WP Security , Go to the Firewall > select the Brute Force Prevention .
Now Save your featured settings. now it will give you new path for your WordPress admin login.
4. Use Secure SSL Login Pages
You can login to WordPress Admin Panel through the encrypted channels with SSL meaning your session URLs will have https://
5. Never use “admin” Username
This is the first user that is created when WordPress is installed. You should never use or keep this user. Because in the past multiple loopholes have been found that are linked to Brute Force Attack and admin username, you should refrain from using it. You should create another user using your WordPress admin panel, and assign administrator roles to it. Try to make this username something that is not obvious, so it is harder for the hacker to guess. Then delete the admin user altogether to stay on the safe side.
6. Limit Access via IP Address
You can limit access to your WP-Admin Panel and only allow certain IP Addresses to access. All you have to do is create a .htaccess file in /wp-admin/ folder if there is not one there already. Paste the following code:-
AuthUserFile ‘some htpasswd file’
AuthName “WordPress Admin Access Control”
deny from all
# whitelist Rumy’s IP address
allow from xx.xx.xx.xxx
# whitelist Ghalib’s IP address
allow from xx.xx.xx.xxx
The “require valid user” and “satisfy any” lines will force the Apache Server to request a Username and Password before you can access the WordPress Login screen.
with this setting you can login with own mentioned IP-address and others places also.
Enjoy your secure wordpress login.
Also Check :-
Hope you like my post.How to Secure your WordPress login page. Please share with others.