How to Secure the WordPress Admin Area?

Several large-scale WordPress wp-login.php brute force attacks have become common due to many compromised IP addresses worldwide. 

But you can implement any of the options mentioned in this article to secure your WordPress Admin area.

Option 1 

Allow the WordPress Admin access from a specific IP

  1. Log in to your cPanel account.

  2. Find the Files category and click on the File Manager icon.

File Manager

3. Click on Settings at the top right corner. 

4. In the popup tab, select the Document Root for your domain and be sure the checkbox next to Show Hidden Files is checked. 

5. Click on the Save button.


6. Now, look for the .htaccess file and right-click on it.
    This brings up a menu. 

7. Find and click on the Code Edit option.

Code Edit

8. In the popup window, click on Edit, and the file will open in an editor.

Prompt For Editor

9. Enter the code –

Order Deny, Allow
Allow from 123\.123\.123\.123
Deny from all

This code will allow access from a single IP address; replace 123\.123\.123\.123 with your IP address. 

10. To get your IP address click here

11. Once the code is added, click on Save Changes.

Add Code

Option 2 

Change WordPress Admin URL

  1. Log in to your WordPress Admin dashboard.

  2. Go to Plugins and click on Add New.

Add New Plugin

3. Search for Plugin Protect Your Admin.
    It will display the list of plugins.

Search Plugin

4. Click on Install Now right beside the Protect Your Admin plugin.
It will install the plugin.

Install Plugin

5. Once the plugin is installed, click on Activate, and you will get redirected to the installed plugin page. 

6. Click on Settings on Protect Your Admin plugin.

Installed Plugin List

7. On the settings page, click on the check box Enable

8. In the Admin Slug box, you can input any Slug, which will be used to access your WordPress admin login page.
We are using secret-login here as an example. 

9. Click on Save Settings.

Plugin Settings

11. Once you click on Save Settings, you will receive a popup message

12. Click on OK.

Popup Message

13. You will get your new WordPress admin login URL

14. Now, you can access your WordPress dashboard using the new URL.


Was this answer helpful?

« Back


/* */