How To Secure WordPress ADMIN Area?

There have now been several large scale WordPress wp-login.php brute force attacks, coming from a large amount of compromised IP addresses spread across the world. You can follow below options to secure your Wordpress Admin area.

Option 1 - Allow Wordpress Admin access from a specific IP

  1. login into your cPanel account.

  2.  Find the Files category and click on the File Manager icon.

    File Manager

  3. Click Settings at the top right corner. In the popup tab select the Document Root for your domain and be sure the checkbox next to Show Hidden Files is checked. Click the Save button.

    Settings

  4. Now look for the .htaccess file and right click on it. This brings up a menu. Find and click on the Code Edit option.

    Code Edit

  5. In the popup window Click on Edit and file will open in an editor.

    Prompt For Editor

  6. Enter the below code to allow access from a single IP address, replace 123\.123\.123\.123 with your own IP address. To get your IP address click here. Once the code is added click on Save Changes.

    [code]
    Order Deny, Allow
    Allow from 123\.123\.123\.123
    Deny from all
    [/code]


    Add Code

Option 2 - Change WordPress Admin URL

  1. login into your WordPress Admin dashboard.

  2. Goto Plugins and click on Add New.

    Add New Plugin

  3. Search for Plugin Protect Your Admin. It will display the list of plugins.

    Search Plugin

  4. Click on Install for Protect Your Admin plugin. It will install the plugin.

    Install Plugin

  5. Once the plugin is installed, click on Activate and you will get redirected to installed plugin page. Click on Settings on Protect Your Admin plugin.

    Installed Plugin List

  6. In the settings page, Click on check box Enable. In Admin Slug box you can input any Slug and it will be used to access your WordPress admin login page. We are using secret-login here as an example. Click on Save Settings.

    Plugin Settings

  7. Once you click on Save Settings, you will receive a popup message. Click on OK.

    Popup Message

  8. You will get your new WordPress admin login URL. Now you can access your WordPress dashboard using the new URL.

    New URL


Related Articles

How to Enable Gzip Compression for WordPress via .htaccess file?

When Gzip compression isn't enabled on WordPress website, Google PageSpeed Insight gives you a...

How to add Google reCaptcha Protection on Wordpress?

Google reCAPTCHA is a free service from Google which helps to protect your websites from spam and...

How to secure complete backup of your WordPress website?

We do maintain the backup of our shared hosting clients' accounts regularly, however it is highly...

How to Upload a WordPress theme?

Sometimes you are required to upload and install a WordPress theme manually, especially when you...

How to Increase maximum execution time for a WordPress Site?

You may receive the below error for your Wordpress while installing/updating themes or plugins....

  • 0 Users Found This Useful

Was this answer helpful?