How to secure WordPress' wp-login – Detailed instructions

Share the post

Article table of contents

How to secure WordPress against attack is the big question. Because of the popularity of wordpress software, you can clearly see a lot of attacks targeting your wp-admin page with the aim of taking over the admin rights of wordpress and starting to install malicious software.

To prevent this, the following necessary steps will need to be taken to ensure system optimization

  1. Backup wordpress regularly, by day or by week to be able to get back the backup when needed (because once infected with malicious code, it is difficult to separate the source code)
  2. Install the plugin to hide the login page: https://wordpress.org/plugins/wps-hide-login/
  3. Install F2A 2-layer security code to help secure login through Wordfence
  4. Block wp-admin access via htaccess

Below are the details of the above mentioned items:

1- Backup website

Back up Website regularly through backup function on hosting or you can use FTP to backup source code and database daily. Contact your WordPress hosting to buy or use this function (JAYbranding offers a daily backup function for the last 1 week)

2- Install WPS Hide Login

By default, when you type yourdomain.com/wp-admin or yourdomain.com/wp-login.php, it will automatically redirect to the login page. According to this security, the software often uses the chain attack function, for example, they will continuously enter the user name admin / 123456 and other easy-to-remember passwords, then when the system is duplicated, the system will be logged in.

The form of hiding the login page is the most primitive form, but at least it limits the attacking robots.

How to do, after installing the plugin WPS Hide Login, you access the settings section and change the default login page to the desired page. Should add random character string to increase security for example loginmxjfei328

guide to hiding the wordpress login page

If you forget this string, you just need to delete the plugin and the web will be back to normal

3- Install 2-layer security via Wordfence plugin

After installing the Wordfence plugin https://en.wordpress.org/plugins/wordfence/, go to Login Security \ select the Two Factor Authen tab.

Then use any app on your phone such as Authy or Google Authenticator and scan the image displayed on your window. Since then every time you login it will ask for an additional code, this code you will get from your phone

Secure your WordPress website with the Wordfence Plugin - AZDIGISTRUCTIONS

4- Lock folder through htaccess

This method only applies to those of you who have knowledge of coding and is the most secure form of lock and the most difficult to hack for both robots and hackers.

It will lock in the form of showing a login user / pass box for users to enter, incorrect input will delete access

 

Step 1: Go to the page Htpasswd Generator and generate a random user/password for htaccess. Then press Create .htpasswd file. This tool will automatically generate a .htpasswd file:

Step 2: Use the above file to save “.htpasswd” and upload it to the WordPress root directory. You can use notepad to compose files:

Step 3: Add the following code inside the .htaccess file available on the server (in the root directory):

# Stop Apache from serving .ht* files
<Files ~ "^.ht">
Order allow,deny
Deny from all
</Files>

# Protect wp-login
<Files wp-login.php>
AuthUserFile ~/.htpasswd
AuthName "Private access"
AuthType Basic
require user yourusername
</Files>

Remember to change yourusername to username in the .htpasswd file.

Thus, you can already activate security for wordpress on your hosting. At JAYbranding, we have built-in for you so that businesses can focus on developing content rather than worrying about website security.

Typical projects

Le Palmier Ho Tram

Every holiday or weekend, with only 2 hours of driving, customers can freely enjoy the seconds

HT House

Newly born in 2014, but HT House has really been cooked since 20 years ago in the minds of people

HANA Asia Serviced Office

Client: Waterina Suites Category: Hotel – Interior, Home Production team: JAYbranding HANA Asia Serviced Office (former name: Leopalace21 Vietnam) is a business

More detail...

Please let us assist you in the solution

Please input your contact