How to secure WordPress' wp-login – Detailed instructions

Share the post

How to secure WordPress against attack is the big question. Because of the popularity of wordpress software, you can clearly see a lot of attacks targeting your wp-admin page with the aim of taking over the admin rights of wordpress and starting to install malicious software.

To prevent this, the following necessary steps will need to be taken to ensure system optimization

  1. Backup wordpress regularly, by day or by week to be able to get back the backup when needed (because once infected with malicious code, it is difficult to separate the source code)
  2. Install the plugin to hide the login page:
  3. Install F2A 2-layer security code to help secure login through Wordfence
  4. Block wp-admin access via htaccess

Below are the details of the above mentioned items:

1- Backup website

Back up Website regularly through backup function on hosting or you can use FTP to backup source code and database daily. Contact your WordPress hosting to buy or use this function (JAYbranding offers a daily backup function for the last 1 week)

2- Install WPS Hide Login

By default, when you type or, it will automatically redirect to the login page. According to this security, the software often uses the chain attack function, for example, they will continuously enter the user name admin / 123456 and other easy-to-remember passwords, then when the system is duplicated, the system will be logged in.

The form of hiding the login page is the most primitive form, but at least it limits the attacking robots.

How to do, after installing the plugin WPS Hide Login, you access the settings section and change the default login page to the desired page. Should add random character string to increase security for example loginmxjfei328

guide to hiding the wordpress login page

If you forget this string, you just need to delete the plugin and the web will be back to normal

3- Install 2-layer security via Wordfence plugin

After installing the Wordfence plugin, go to Login Security \ select the Two Factor Authen tab.

Then use any app on your phone such as Authy or Google Authenticator and scan the image displayed on your window. Since then every time you login it will ask for an additional code, this code you will get from your phone

Secure your WordPress website with the Wordfence Plugin - AZDIGISTRUCTIONS

4- Lock folder through htaccess

This method only applies to those of you who have knowledge of coding and is the most secure form of lock and the most difficult to hack for both robots and hackers.

It will lock in the form of showing a login user / pass box for users to enter, incorrect input will delete access


Step 1: Go to the page Htpasswd Generator and generate a random user/password for htaccess. Then press Create .htpasswd file. This tool will automatically generate a .htpasswd file:

Step 2: Use the above file to save “.htpasswd” and upload it to the WordPress root directory. You can use notepad to compose files:

Step 3: Add the following code inside the .htaccess file available on the server (in the root directory):

# Stop Apache from serving .ht* files
<Files ~ "^.ht">
Order allow,deny
Deny from all

# Protect wp-login
<Files wp-login.php>
AuthUserFile ~/.htpasswd
AuthName "Private access"
AuthType Basic
require user yourusername

Remember to change yourusername to username in the .htpasswd file.

Thus, you can already activate security for wordpress on your hosting. At JAYbranding, we have built-in for you so that businesses can focus on developing content rather than worrying about website security.

Typical projects


Website X-men – uy lực và bứt phá Hẳn cái tên X-men không còn là cái tên quá xa lạ

Website DOLAV Vietnam Dolav là nhà cung cấp toàn cầu, đi đầu về các giải pháp lưu trữ và xử

Dr. Nguyen Giap BS. TRẦN NGUYÊN GIÁP Bác sĩ Trần Nguyên Giáp tốt nghiệp ngành Bác sĩ đa khoa tại Đại học

© Copyright by JAYbranding – All rights reserved.

We would like to advise you in more detail.
Please enter information to receive a consultation