If you have a new blog and you haven’t searched for security solutions yet, you should do it right now. Hackers are developing their skills to access your admin panel and make you out of the game.
I know that there are good hackers who do something good, but, there are bad others who try to stop your business for any reason. In this post, you will learn simple tips to secure WordPress login page and stay safe.
Before starting, you should know that you need to protect your password and login details first. If you can’t remember complicated passwords, you need to save logins in a locally outside your computer. On a paper, for example, to expect bad things, it’s a stupid idea to save passwords on the computer.
What happens when your antivirus stop working without notifications? Or when someone accesses your laptop?. So, expect all the bad things, and save your login details in a safe place.
- Related: Fix the redirect loop in WordPress.
WordPress login page protection ways
1. Create a strong password
This is the way to secure your WordPress login page. It’s not hard to create a strong password for more than 20 characters, you should select a password that you never and will never use on other pages or websites. Make it unique without ”0000” as stupid one does, and add letters, words, numbers, symbols… In other words, make it impossible to remember, you can use one of the password generator tools to create one, then, save it in a safe place.
2. Never use “Admin” as a username
What you should know is that people who try to access your login page will use “admin” as username and generate unlimited password combination. If they’re lucky, they will get access with the exact password. So, if you really care about your blog, you should change your username if it’s “admin”.
I know that WordPress self-hosted software won’t allow changing the username. What you need to do is create another user, then delete your current user and transfer all your posts to the new one.
3. Protect your wp-admin area
It’s not a hard job to protect your Admin area with a password. You can do that in your cPanel account. Just login, and find “password protect directories” as the screenshot below.
Then, you need to choose a different password from the one that you use to login. Thus, you will get double the login process, with two different details. If the first found, the second login still works.
If you select strong passwords, they will never find them. At the same time, make sure to add the following code after the WordPress rules in the htaccess file:
ErrorDocument 401 default
This code will solve the redirect errors after protecting directories. Then add the code in the ”.htaccess” file inside the wp-admin directory. Please remember, you need to add this code in the wp-admin htaccess, it’s different from the parent ”htaccess” file.
Related reading: Fixing the WordPress theme install failed.
Thus, you will need to login twice, even, when you are signed in your dashboard. It’s the best security for you.
4. Install the Limit Login Attempts Plugin
Limit Login Attempts is the best solution to secure WordPress login page. It allows you to select how many times the plugin blocks the login attempts, and send you a notification with the IP address if someone tries to login multiple times. It’s a free and powerful tool to help you protect your WordPress login page.
5. Install Captcha Plugin
This is not an option but a must-have tool. You need to secure the login page with captcha, thus, robots will not be able to login. The plugin will generate a strong verification like, words and mathematical symbols that require a human to solve. This is also a free plugin used by thousands of people who care about their sites, are you too?
Other good plugins to protect the WordPress login page
Stealth Login Page it protects your login page without the need to edit the htaccess file. If you need simple solutions, then you can install it, it’s powerful and good.
Login Security Solution is another plugin that stops people who try to login. It scans the IP, and send a request that needs a response to verify the login session.
These are the necessary solutions to secure your WordPress login page. Keep in mind that all these solutions will be useless if you don’t protect your password and details. At the same time, make sure to never respond to emails with your login details, even, if your web hosting provider asks you for your login information. Never respond, it comes that a hacker tries to get your login using ways that you can’t imagine, so, be careful and protect your hard work.