How to Secure the WordPress Login Page in Simple Steps

If you have a new blog and you haven’t searched for security solutions yet, you should do it right now. Hackers are developing their skills to access your admin panel and make you out of the game.

I know that there are good hackers who do something good, but, there are bad others who try to stop your business for any reason. In this post, you will learn simple tips to secure the WordPress login page and stay safe.

Before starting, you should know that you need to protect your password and login details first. If you can’t remember complicated passwords, you need to save logins locally outside your computer. On paper, for example, to expect bad things, it’s a stupid idea to save passwords on the computer.

What happens when your antivirus stops working without notifications? Or when someone accesses your laptop?. So, expect all the bad things, and save your login details in a safe place.

Protecting your blog login page

Create a strong password

This is the way to secure your WordPress login page. It’s not hard to create a strong password for more than 20 characters, you should select a password that you never and will never use on other pages, or websites. Make it unique without ”0000” as a stupid one does, and add letters, words, numbers, symbols… In other words, make it impossible to remember, you can use one of the password generator tools to create one, then, save it in a safe place.

Never use “Admin” as a username

What you should know is that people who try to access your login page will use “admin” as a username and generate an unlimited password combination. If they’re lucky, they will get access with the exact password. So, if you really care about your blog, you should change your username if it’s “admin”.

I know that WordPress self-hosted software won’t allow changing the username. What you need to do is create another user, then delete your current user and transfer all your posts to the new one.

Protect your wp-admin area

It’s not a hard job to protect your Admin area with a password. You can do that in your cPanel account. Just log in, and find “password protect directories” as the screenshot below.

Protect admin area with Password

Then, you need to choose a different password from the one that you use to login. Thus, you will get double the login process, with two different details. If the first is found, the second login still works.

If you select strong passwords, they will never find them. At the same time, make sure to add the following code after the WordPress rules in the htaccess file:

ErrorDocument 401 default

This code will solve the redirect errors after protecting directories. Then add the code in the ”.htaccess” file inside the wp-admin directory. Please remember, you need to add this code in the wp-admin htaccess, it’s different from the parent ”htaccess” file. Thus, you will need to login twice, even, when you are signed in to your dashboard. It’s the best security for you.

Install the Limit Login Attempts Plugin

Limit Login Attempts is the best solution to secure the WordPress login page. It allows you to select how many times the plugin blocks the login attempts, and send you a notification with the IP address if someone tries to log in multiple times. It’s a free and powerful tool to help you protect your WordPress login page.

Install Captcha Plugin

This is not an option but a must-have tool. You need to secure the login page with a captcha, thus, robots will not be able to log in. The plugin will generate a strong verification like, words and mathematical symbols that require a human to solve. This is also a free plugin used by thousands of people who care about their sites, are you too?

Other good plugins to secure the WordPress login page

Stealth Login Page it protects your login page without the need to edit the htaccess file. If you need simple solutions, then you can install it, it’s powerful and good.

Login Security Solution is another plugin that stops people who trying to log in. It scans his IP and sends a request that needs a response to verify the login session.

These are the necessary solutions to secure your WordPress login page. Keep in mind that all these solutions will be useless if you don’t protect your password and details. At the same time, make sure to never respond to emails with your login details, even, if your web hosting provider asks you for your login information. Never respond, it comes that a hacker tries to get your login using ways that you can’t imagine, so, be careful and protect your hard work.

Avatar for Fathi Arfaoui
About Fathi Arfaoui

Fathi Arfaoui is a Physicist, Blogger and the founder of He shares Business, WordPress and Blogging tips to build a better blog and succeed online.

Disclosure: The recommendations on this page are my own based on my tests and analysis. We may earn a small commission from web hosts and other partners if you use my referral link to make a purchase. That’s what helps us to maintain the site and add fresh content, Thanks for your support.

Leave a Comment