How to Secure WordPress Login Page in Simple Steps

In WordPress by Fathi Arfaoui0 CommentsLast Updated: September 28th, 2017

If you have a new blog and you haven’t searched for security solutions yet, you should do it right now. Hackers are developing their skills to access your admin panel and make you out of the game.

I know that there are good hackers who do something good, but, there are bad others who try to stop your business for any reason. In this post, you will learn simple tips to secure WordPress login page and stay safe.

Before starting, you should know that you need to protect your password and login details first. If you can’t remember complicated passwords, you need to save logins in a locally outside your computer. On a paper, for example, to expect bad things, it’s a stupid idea to save passwords on the computer.

What happens when your antivirus stop working without notifications? Or when someone accesses your laptop?. So, expect all the bad things, and save your login details in a safe place.

WordPress login page protection ways

1. Create a strong password

Secure WordPress login page

This is the way to secure your WordPress login page. It’s not hard to create a strong password for more than 20 characters, you should select a password that you never and will never use on other pages or websites. Make it unique without ”0000” as stupid one does, and add letters, words, numbers, symbols… In other words, make it impossible to remember, you can use one of the password generator tools to create one, then, save it in a safe place.

2. Never use “Admin” as a username

What you should know is that people who try to access your login page will use “admin” as username and generate unlimited password combination. If they’re lucky, they will get access with the exact password. So, if you really care about your blog, you should change your username if it’s “admin”.

Related Content:  How to Add Nofollow Attribute to Links in WordPress Posts

I know that WordPress self-hosted software won’t allow changing the username. What you need to do is create another user, then delete your current user and transfer all your posts to the new one.

3. Protect your wp-admin area

It’s not a hard job to protect your Admin area with a password. You can do that in your cPanel account. Just login, and find “password protect directories” as the screenshot below.

Protect admin area with Password

Then, you need to choose a different password from the one that you use to login. Thus, you will get double the login process, with two different details. If the first found, the second login still works.

If you select strong passwords, they will never find them. At the same time, make sure to add the following code after the WordPress rules in the htaccess file:

ErrorDocument 401 default

This code will solve the redirect errors after protecting directories. Then add the code in the ”.htaccess” file inside the wp-admin directory. Please remember, you need to add this code in the wp-admin htaccess, it’s different from the parent ”htaccess” file.

Related reading: Fixing the WordPress theme install failed.

Thus, you will need to login twice, even, when you are signed in your dashboard. It’s the best security for you.

4. Install the Limit Login Attempts Plugin

Limit Login Attempts is the best solution to secure WordPress login page. It allows you to select how many times the plugin blocks the login attempts, and send you a notification with the IP address if someone tries to login multiple times. It’s a free and powerful tool to help you protect your WordPress login page.

Related Content:  How to Change the Font Colors and Size in WordPress

5. Install Captcha Plugin

This is not an option but a must-have tool. You need to secure the login page with captcha, thus, robots will not be able to login. The plugin will generate a strong verification like, words and mathematical symbols that require a human to solve. This is also a free plugin used by thousands of people who care about their sites, are you too?

Other good plugins to protect the WordPress login page

Stealth Login Page it protects your login page without the need to edit the htaccess file. If you need simple solutions, then you can install it, it’s powerful and good.

Login Security Solution is another plugin that stops people who try to login. It scans the IP, and send a request that needs a response to verify the login session.

These are the necessary solutions to secure your WordPress login page. Keep in mind that all these solutions will be useless if you don’t protect your password and details. At the same time, make sure to never respond to emails with your login details, even, if your web hosting provider asks you for your login information. Never respond, it comes that a hacker tries to get your login using ways that you can’t imagine, so, be careful and protect your hard work.

About Fathi Arfaoui

Fathi Arfaoui: Blogger, and the founder and owner of Trustiko.com. He shares Business, Blogging, WordPress, Web Safety, and Blogging tips to build better websites and blogs. Also, he shares online marketing strategies and recommendations.

Leave a Comment