How to Secure your WordPress login page

How-to-Secure-your-WordPress-login-page

How to Secure your WordPress login page :-

Hackers are always trying to do brute-force attack on your WordPress login page to hack your site.

A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.

Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server’s memory and performance.

Today i am going to show you How to Secure your WordPress login page ?

1. Stealth Login Page

Protect your dashboard with a game-changing authorization code. The login form will never be the same again.

What it does :-

Without locking down access via IP address or file permissions, this plugin creates a secret login authorizaiton code. Those who do not enter this additional authorization will be automatcally redirected to a customizable URL.

This is the first plugin that blocks external bot login requests – login requests must comply with the full login sequence or the request is rejected.

Download and install this plugin, Now go to the Settings > enable the Stealth mode and enter you authorization code and enter the URL address when any one fails to login, they will redirect to your given URL address.

How-to-Secure-your-WordPress-login-page1

now on your login page. you will find the authorization code option.

How-to-Secure-your-WordPress-login-page2

2. Login LockDown

Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.

Download Now and install the Login Lock Down . now go to the Setting and click on the Login Lock down option and update your settings.

How-to-Secure-your-WordPress-login-page3

now on the login page you will find the login form protected by Login LockDown.

How-to-Secure-your-WordPress-login-page4

3. Cookie based brute Force Login Prevention with All In One WP Security

All in one WP security firewall is comes with the Cookie based brute Force Login Prevention, that will help you to make you wp-admin as a secret page. instead of www.yourwebsite.com/wp-admin , you can login with the www.yourwebsite.com/?yoursecretcode=1 , that will make your admin page completely hidden for hacker.

Download and install the All In One WP Security , Go to the Firewall > select the Brute Force Prevention .

How-to-Secure-your-WordPress-login-page5

Now Save your featured settings. now it will give you new path for your WordPress admin login.

How-to-Secure-your-WordPress-login-page6

4. Use Secure SSL Login Pages

You can login to WordPress Admin Panel through the encrypted channels with SSL meaning your session URLs will have https://

try Admin SSL or SSL Subdomain for Multisite plugin for this job.

5. Never use “admin” Username

This is the first user that is created when WordPress is installed. You should never use or keep this user. Because in the past multiple loopholes have been found that are linked to Brute Force Attack and admin username, you should refrain from using it. You should create another user using your WordPress admin panel, and assign administrator roles to it. Try to make this username something that is not obvious, so it is harder for the hacker to guess. Then delete the admin user altogether to stay on the safe side.

6. Limit Access via IP Address

You can limit access to your WP-Admin Panel and only allow certain IP Addresses to access. All you have to do is create a .htaccess file in /wp-admin/ folder if there is not one there already. Paste the following code:-

AuthUserFile ‘some htpasswd file’
AuthGroupFile /dev/null
AuthName “WordPress Admin Access Control”
AuthType Basic

order deny,allow
deny from all
Require valid-user
# whitelist Rumy’s IP address
allow from xx.xx.xx.xxx
# whitelist Ghalib’s IP address
allow from xx.xx.xx.xxx
Satisfy Any

The “require valid user” and “satisfy any” lines will force the Apache Server to request a Username and Password before you can access the WordPress Login screen.

with this setting you can login with own mentioned IP-address and others places also.

Enjoy your secure wordpress login.

Also Check :- 

How to Improve the Security of your WordPress Blog

How to change your WordPress login logo

How To Install WordPress on Localhost with Xampp

How To Create A Custom WordPress 404 Page

How to Find out What WordPress Theme a Site is Using

WordPress Site Hacked – Redirecting to Another Site

Hope you like my post.How to Secure your WordPress login page. Please share with others.

Use Facebook to Comment on this Post

Author: Syed Balal Rumy

A 26 year Tech Geek and a blogger from India ( Bihar ) , live in Saudi Arabia. I am MCITP , CEHv8 , CCNA , CCNA Security , CCNP Security , Security + and CCSA certified. Loves to write tech articles based on my real experiences.

Share This Post On