How You Can Protect the Login Page in WordPress

How You Can Protect the Login Page in WordPress
Like Tweet Pin it Share Share Email

Web Security should be an abiding and ongoing concern for all websites. No matter what precautions you’ve taken, there is always room for improvement. This is because there is no such thing as foolproof security. Add to that, hackers are on the prowl 24×7, and so you’ve got to be on the guard constantly. Hosting, weak passwords, older versions of WordPress, or dubious themes / plugins are the possible entry points for bots to make way into your site.

One way that you can make it harder for hackers is by stepping up the protection of your WordPress Admin or Login Page. It is the gateway to your website, and you can stop most of the mischief right at the doorstep, by hardening the security on this page.

Some ways that you can go about protecting your Admin page,

Change Username

The default username in WordPress is “Admin” and bots know this. Now, if they can guess your password, you’ve literally handed them an invitation to enter. So change your username to something unique and un-guess-able. For instance, for New York Soccer Club, ‘NY Soccer’ is not a fit username.

add-user

 

You can change the username by following these simple steps,

  • Log in to WordPress using your existing Admin user account.
  • Add a new user by clicking on Users > Add New.
  • Pick “Administrator” as the role for this new user. Go for a unique username here, as this newly added user will become the new admin user.
  • Log out of the old “Admin” user account.
  • Log in again using the new unique username you created.
  • Delete the original “Admin” user. You’ll need to reassign all your old posts from the old “Admin” user to the new user.

You can also change the username by accessing the phpMyAdmin. Read up on this at SiteGround.

Strong Password

Changing the username is only half way there. Strengthen your password so bots can’t guess it. Birthdays, pet’s name, favorite sportsperson can all be guessed correctly. Brute force attacks are just frequent and repeated attempts at guessing the password by trial and error. And they are bound to succeed if the password is weak. Therefore, strong passwords are important.

A strong password should ideally use a combination of numbers and letters, both upper and lower case. Throw in a symbol or two like ‘!’ or ‘@’. WordPress provides the option to generate a strong password, and you can use that too. Or take the help of a Password Generator. Check if your password is strong at How Secure Is My Password. And change the password on a regular basis.

strong-password

 

Finding it hard to remember the password? Check out password managers like LastPass, DashLane, KeePass, 1Password and RoboForm. A password manager stores all your passwords in an encrypted form and you can access it from any device.

If I haven’t made my case for a strong password, this report from SplashData listing the worst passwords of 2015 can perhaps persuade you.

Limit User Access

If you’re the only one who accesses the Admin, this one is not for you. But if you’re allowing multiple users to access the backend, you should keep a tight control over their privileges. Permit access and privileges only to the areas and to the extent that is necessary for them to perform their tasks.

limit-user-access-1

 

Not only that, the users on your site should also be required to use strong passwords. To ensure this, you can install the Force Strong Passwords plugin. This plugin allows users to access the site only if they have set up a strong password for themselves. Or you could look at Login Security Solution, which also examines and enforces password strength, without annoying genuine users.

Limit Login Attempts

Bots gain entry into your site by trying out various combinations of username and password. It may take them many attempts before they can break in. If we limit the number of attempts that can be made from a single IP, we can drastically cut down on the chances of bots gaining access.

limit-login-attempts

 

There are specialized plugin that can carry out this task –

  • Limit Login Attempts – Limits the rate of login attempts for each IP. It is a commonly used plugin, even though it has not been updated for a long time.
  • Brute Force Login Protection – Protects your website against brute force attacks using .htaccess.
  • Jetpack Protect – To protect WordPress websites from bot net attacks.

It’s also worth noting that some webhosts offer this feature built-in. WP Engine for example added this to their hosting platform back at the beginning of 2015 to make the websites they host more secure (in addition to their free SSL, two factor authentication, automated backups, multiple firewalls, Malware scanning and more).

Change Your Login URL

The URL for logging into all WordPress websites is, by default, your site’s main URL followed by wp-login.php or wp-admin for instance, mywebsite.com/wp-login.php. Hackers know this, and if you can change this URL, you’ll be making it harder for them to get into your website.

You can install Protect WP-Admin to change the URL of your admin panel and blocking the default links. You can change it to anything you like, such as mywebsite.com/allow_admin_access. When a query for mywebsite.com/wp-login.php or mywebsite.com/wp-admin, reaches the site, it will be redirected to homepage. And only the custom URL will be allowed to the admin panel.

 

protecyour-admin-url

A totally reliable way to protect your admin page is to entirely block access to your wp-admin and wp-login.php page. But this can be employed only if you use one IP address that doesn’t change. Or else, you run the risk of being locked out of your website. If you can keep track of multiple IP addresses, you can still go ahead and adopt this option.

You can also restrict access to your wp-login.php file using HTTP Basic Authentication. This is an external layer of security that a user has to get past to reach the login page. You’ll need to generate a .htpasswd file, to list all authorized usernames and their respective encrypted passwords. A brute force attack can be launched against HTTP basic authentication as well, but it’s going to be double the effort for hackers to crack both layers.

Add SSL To Your Website

SSL is standard security technology. HTTP is the Hyper Text Transfer Protocol for transfer of data between a server and a browser. The secure version of HTTP is HTTPS, the “S” standing for Secure. Together they verify the identity of the website to the user, and assure the user about the confidentiality between the website and the user’s browser.

Once you’ve set up SSL / HTTPS, the server encrypts data and only the user’s browser can decipher it. To any unwelcome third party, the data won’t make any sense and will just appear as a string of characters. As a bonus, you’ll find that Google favors HTTPS while ranking websites.

Getting yourself a SSL certificate may no longer be optional, particularly if you’re using the Chrome browser. That’s because Google is on course to mark all non HTTPS sites as “non secure”.

ssl-2

 

Today, all non HTTPS sites are simply neutral as to the indication of SSL status, but that will change in January, 2017. All websites needing passwords or collecting credit card information must become secure or risk being labelled as non secure by Google.

There are many companies like Comodo, DigiCert, and SSL.com offering certifying services. Certificates can be acquired without too much cost from SSLMate and for free from Lets Encrypt. Some hosting service providers offer free SSL with their hosting plans. You can read up more on installing SSL in our HTTPS & free SSL guide.

Two-Factor authentication

Two Factor Authentication is one of the most secure ways to protect your website from hackers. It works in addition to the standard username / password that you already have. Once you have keyed in these credentials, a code is generated on a device that you have, often your smartphone. Only when this code is entered, do you gain access to the site.

 

5sec-google-authenticator-for-wordpress-two-step-login-protection-1

Many free and premium plugins are available for installation on your website. This security method has been around for quite a while, but is now being increasingly applied to website access. You can read more about two factor authentication in our earlier post.

Security plugins

Many websites install plugins that take care of WordPress security in a comprehensive manner. They pack in firewall protection, malware scanning, blacklisting and whitelisting IPs, monitoring user activity, audit logging and generally harden all round security. Both free and premium options are available.

Some plugins that include login protection,

wordfence-1

 

  • Wordfence – Enforces strong passwords and prevents brute force attacks.
  • iThemes –  Fights automated attacks and limits number of login attempts. It also implements tougher user credentials.
  • All in One Security and Firewall – Prevents brute force attacks and allows IP level blocking, locking out a user after a specified time period. Other login protection features include login lockdown and whitelisting & blacklisting IP addresses.
  • BulletProof Security – Login and brute force protection.
  • McAfee Secure – Offers multiple layers of protection including a trusted site mark, malware scanning, and identity protection coverage for e-commerce stores (a huge asset).

Comments (9)

  • I simply want to mention I am all new to weblog and seriously enjoyed your web-site. Almost certainly I’m want to bookmark your blog . You surely have good writings. Kudos for revealing your website page.

    Reply
  • 有料老人ホーム、ケアハウス、介護療養型医療施設、高齢者向け優良賃貸住宅などの老人の施設撰びは、それまでと変わらない生活ができる賃貸のようなタイプから、寝たきりの状態で養護が必要と「自立」「要支援」「要介護」の条件によって入居するタイプによって違ってきます。
    なお有料老人ホーム、住宅型有料老人ホーム、介護付有料老人ホーム、高齢者向け住居を決める際、入居申込金や毎月の費用も大切な要素で、その内訳は食費や管理費、介護にかかる費用などが含まれることでしょう。
    全国から入居申込金の費用や毎月の料金、自立や要支援や要介護や認知症入居可などの入居条件、希望する施設をインターネットでスマホやPCから簡単に希望する検索条件で探すサイトがお勧めとなっています。
    お勧めの情報サイトを見てください。

    Reply
  • 大物女優の司会で見たことのあるのビーワイルドを俳優のファンが陰茎増大を大き目に情報を発進しているとき活性化しているのですが、それがトレーニングなのに口コミを気にするのはおかしいですか。効果もクールで栄養も普通なんですけど、元カレとの大きさの差が大きく、ネタ?みたいに思えてしまって、ビーワイルドが今後ネット通販で買えないんです。

    Reply
  • さっき家出る前にAmazonで買い物をした。いまや日本で一番売れている通販サイトはアマゾンだ。
    ここで買えないものはないだろうな。楽天やヤフーで買えるものはまぁ、たいていある。
    しかも大体安い。どんなものでも一番安いということはないけど、だいたい安い。
    そして配送が早い。ヤフーショッピングや楽天市場は遅い。めちゃくちゃ遅い。頭に来るぐらい遅い。
    Amazonギフト券があればさらに便利だ。最近はAmazonギフト券の売買サイトがあり、10%ぐらい安くアマギフが買える。つまり金券屋みたいに安く買えるのだ。
    ラッキー過ぎる。なんでみんなが使わないのかわからない。銀行振込の手数料考えても送料とお釣りがくるぐらいメリットある。
    それにどうせ毎月Amazonで買い物するんだから2~3万円分買っておけば3千円ぐらい得しちゃう。ちょっとした小物とかタダでもらえるようなもんだ。お得なんだよ、アマゾンは。
    あなたもどう?

    Reply
  • I really like your blog.. very nice colors & theme.
    Did you create this website yourself or did youu hire someone to do it
    for you? Plz answer back as I’m looking to crdate myy own blog annd would like to know where u got this
    from. thanks

    Reply
  • 転居届の提出は、転居の2週間前くらいからできる自治体がほとんどです。転入の際には、ちょっとしたおみやげとともに両隣に挨拶に行くことをおすすめします。

    これまでの人生の中で、引っ越しが多くない方にとっては引っ越しが人の一生の中でも一つのターニングポイントになるかもしれませんが、数々の大変な事態に陥ることもあるかもしれないと考えておきましょう。引っ越し当日は特に忙しいものですが、仕事が重なってしまったときに何か一つが狂ってしまうと引っ越し全体に関わる問題になってしまうので

    Reply
  • I have been examinating out many of your stories and i can claim pretty good stuff. I will definitely bookmark your blog.

    Reply
  • I am not sure where you are getting your info, but good topic. I needs to spend some time learning much more or understanding more. Thanks for wonderful information I was looking for this info for my mission.

    Reply
  • Thank you for the auspicious writeup. It in fact was a amusement account it. Look advanced to more added agreeable from you! By the way, how could we communicate?

    Reply
  • I will immediately clutch your rss as I can’t find your email subscription hyperlink or e-newsletter service. Do you’ve any? Kindly allow me recognize in order that I may just subscribe. Thanks.

    Reply
  • I think other website proprietors should take this site as an model, very clean and great user genial style and design, as well as the content. You’re an expert in this topic!

    Reply
  • I think other website proprietors should take this web site as an model, very clean and magnificent user friendly style and design, let alone the content. You are an expert in this topic!

    Reply
  • Thank you for the good writeup. It in fact was a amusement account it. Look advanced to more added agreeable from you! By the way, how can we communicate?

    Reply
  • Nice blog here! Also your web site loads up fast! What host are you using? Can I get your affiliate link to your host? I wish my web site loaded up as fast as yours lol

    Reply
  • My spouse and i felt absolutely thankful Ervin managed to do his basic research with the ideas he gained from your very own blog. It’s not at all simplistic to just happen to be giving freely ideas which usually other folks have been making money from. And now we understand we need you to appreciate for that. The explanations you made, the straightforward site menu, the friendships you help engender – it is everything remarkable, and it’s facilitating our son in addition to the family feel that the concept is fun, which is rather important. Thank you for the whole thing!

    Reply
  • You can certainly see your expertise in the work you write. The arena hopes for more passionate writers like you who aren’t afraid to say how they believe. Always follow your heart.

    Reply
  • Great write-up, I¡¦m regular visitor of one¡¦s blog, maintain up the nice operate, and It’s going to be a regular visitor for a long time.

    Reply
  • Nice blog here! Also your site loads up very fast! What host are you using? Can I get your affiliate link to your host? I wish my website loaded up as fast as yours lol

    Reply
  • I’m not sure where you are getting your info, but great topic. I needs to spend some time learning much more or understanding more. Thanks for wonderful information I was looking for this info for my mission.

    Reply
  • Somebody essentially lend a hand to make critically posts I might state. This is the very first time I frequented your website page and so far? I amazed with the analysis you made to make this actual post amazing. Wonderful job!

    Reply
  • You are a very clever individual!

    Reply
  • I am continuously looking online for articles that can help me. Thank you!

    Reply
  • It¡¦s actually a great and useful piece of information. I¡¦m happy that you just shared this useful information with us. Please stay us informed like this. Thanks for sharing.

    Reply
  • Simply wish to say your article is as astonishing. The clearness in your post is just excellent and i can assume you are an expert on this subject. Fine with your permission let me to grab your feed to keep up to date with forthcoming post. Thanks a million and please continue the gratifying work.

    Reply
  • Thanks a lot for sharing this with all people you actually realize what you are talking about! Bookmarked. Please also consult with my site =). We will have a hyperlink trade agreement among us!

    Reply
  • You actually make it seem so easy with your presentation but I find this matter to be actually something which I think I would never understand. It seems too complicated and extremely broad for me. I am looking forward for your next post, I will try to get the hang of it!

    Reply
  • Helpful info. Fortunate me I discovered your web site accidentally, and I am shocked why this twist of fate didn’t happened in advance! I bookmarked it.

    Reply
  • Great paintings! That is the type of information that are supposed to be shared around the internet. Disgrace on Google for not positioning this submit upper! Come on over and consult with my web site . Thank you =)

    Reply
  • Thanks , I have just been searching for information about this subject for a long time and yours is the greatest I’ve came upon so far. But, what in regards to the bottom line? Are you sure concerning the supply?

    Reply
  • I’m so happy to read this. This is the kind of manual that needs to be given and not the accidental misinformation that’s at the other blogs. Appreciate your sharing this greatest doc.

    Reply
  • Thank you for some other informative site. Where else could I get that type of information written in such an ideal way? I’ve a challenge that I am just now running on, and I’ve been on the glance out for such information.

    Reply
  • You made some clear points there. I did a search on the issue and found most guys will approve with your blog.

    Reply
  • I am always browsing online for ideas that can aid me. Thx!

    Reply
  • Thanks for every other informative web site. The place else may just I get that kind of information written in such a perfect way? I’ve a challenge that I’m just now operating on, and I’ve been on the look out for such info.

    Reply
  • I have to point out my gratitude for your kindness giving support to people who require help with your question. Your special dedication to getting the message throughout had been surprisingly invaluable and have usually allowed some individuals much like me to realize their aims. Your amazing warm and helpful tutorial signifies a lot to me and somewhat more to my fellow workers. Regards; from each one of us.

    Reply
  • It’s perfect time to make some plans for the future and it’s time to be happy. I have read this post and if I could I want to suggest you few interesting things or advice. Perhaps you can write next articles referring to this article. I want to read even more things about it!

    Reply
  • Magnificent website. A lot of useful info here. I¡¦m sending it to several pals ans additionally sharing in delicious. And obviously, thank you to your effort!

    Reply
  • Howdy very cool website!! Guy .. Beautiful .. Amazing .. I’ll bookmark your blog and take the feeds additionally¡KI’m happy to seek out a lot of useful information right here within the publish, we’d like develop more strategies in this regard, thanks for sharing. . . . . .

    Reply
  • Excellent weblog here! Also your web site rather a lot up very fast! What host are you the use of? Can I am getting your associate link for your host? I desire my web site loaded up as fast as yours lol

    Reply
  • I¡¦ve been exploring for a little bit for any high quality articles or blog posts on this kind of area . Exploring in Yahoo I eventually stumbled upon this website. Reading this info So i¡¦m satisfied to exhibit that I’ve an incredibly excellent uncanny feeling I came upon exactly what I needed. I such a lot definitely will make certain to don¡¦t overlook this site and give it a glance on a continuing basis.

    Reply
  • naturally like your web site but you need to take a look at the spelling on quite a few of your posts. Several of them are rife with spelling issues and I find it very bothersome to tell the truth nevertheless I will certainly come again again.

    Reply
  • Hello there, just became alert to your blog through Google, and found that it is really informative. I am gonna watch out for brussels. I will appreciate if you continue this in future. Numerous people will be benefited from your writing. Cheers!

    Reply
  • There is evidently a bunch to realize about this. I think you made certain nice points in features also.

    Reply
  • Definitely, what a great website and enlightening posts, I definitely will bookmark your website.All the Best!

    Reply
  • It is actually a nice and useful piece of info. I¡¦m happy that you just shared this helpful information with us. Please stay us informed like this. Thank you for sharing.

    Reply
  • I am really impressed with your writing skills and also with the layout on your weblog. Is this a paid theme or did you customize it yourself? Either way keep up the excellent quality writing, it is rare to see a nice blog like this one today..

    Reply
  • Hello there, I discovered your site by the use of Google while searching for a comparable topic, your site got here up, it looks good. I’ve bookmarked it in my google bookmarks.

    Reply
  • 今年の終わりももうちょっとになり、来年も旅行を準備するVPNが始まったようです。VPN比較からええっとしているうちに、中国から新しいVPNが到来しているようでなんだか困難を覚えています。

    Reply
  • Well I really enjoyed reading it. This information offered by you is very useful for proper planning.

    Reply
  • Wonderful website. A lot of useful information here. I am sending it to some friends ans also sharing in delicious. And obviously, thanks on your sweat!

    Reply
  • Hi there, just became alert to your blog through Google, and found that it’s truly informative. I am going to watch out for brussels. I will appreciate if you continue this in future. Lots of people will be benefited from your writing. Cheers!

    Reply
  • I like the helpful info you provide in your articles. I will bookmark your weblog and check again here regularly. I am quite certain I will learn many new stuff right here! Good luck for the next!

    Reply
  • Thank you a bunch for sharing this with all of us you really recognize what you are speaking approximately! Bookmarked. Kindly additionally visit my web site =). We will have a hyperlink alternate contract between us!

    Reply
  • I enjoy, cause I found exactly what I used to be having a look for. You have ended my 4 day long hunt! God Bless you man. Have a great day. Bye

    Reply
  • Very nice post. I just stumbled upon your blog and wished to say that I have really enjoyed browsing your blog posts. After all I will be subscribing to your rss feed and I hope you write again very soon!

    Reply
  • It¡¦s in point of fact a great and useful piece of info. I am happy that you simply shared this helpful info with us. Please stay us up to date like this. Thank you for sharing.

    Reply
  • Thanks , I’ve recently been looking for information about this subject for ages and yours is the best I’ve found out so far. But, what in regards to the conclusion? Are you sure in regards to the supply?

    Reply
  • Its like you read my mind! You appear to know so much about this, like you wrote the book in it or something. I think that you could do with some pics to drive the message home a little bit, but other than that, this is magnificent blog. A great read. I’ll definitely be back.

    Reply
  • I like what you guys are up also. Such smart work and reporting! Keep up the excellent works guys I¡¦ve incorporated you guys to my blogroll. I think it’ll improve the value of my website 🙂

    Reply
  • As a Newbie, I am always searching online for articles that can help me. Thank you

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: