How to secure wordpress login
There are many ways used by hackers to get into your website by force. Of course you don’t want your content suddenly inaccessible and only shows white screen, isn’t it? If you are using WordPress, one of the holes was often visited is the wp-admin section. This is the main reason why you need a How to secure WordPress login. Errors on your website can affect the decrease in the number of website visitors. What happens if they access your website and can not even find the content they want? Yes, they might leave immediately and never want to access your website again. We suggest you should do the anticipation so that bad things don’t happen on your website. Please refer to the following trick.
Before starting this tutorial, we will discuss a little bit about brute force attack. How does this attack? Brute force often targeting WordPress login page or page with the URL yourdomain.com/wp-login.php. The login page is predictable because it is the default login URL to the WordPress dashboard. Once they know the WordPress login URL, the next mission is of course get your username and password. The username is usually easy to guess, especially if you use the default username that is admin. It’s just that, even if a username has been obtained, the hacker needs to know your password to launch a brute force attack. Furthermore a script will try to login using password combinations until the program gets the correct WordPress login password. Wouldn’t this sound horrible? Hackers will deploy all means to get your personal data. Even worse, your website can become an easy target if it does not have extra security, especially on the login page. In this tutorial we will discuss ways that you can do to anticipate such attacks by limiting access to the WP Admin.
How to secure WordPress login
- Change WordPress Login URL
Another way to secure your WP Admin is to change the URL of the login to the WordPress dashboard. This just helps reduce the experiment conducted by the login script or other users without your permission. You can install the plugin called All In One WP Security & Firewall
- Limit the number of Invalid Login.
Another way that you can do is use Limit Login Attempts Reloaded plugin.
Brute force will keep experimenting until login to WordPress works. This plugin will limit the number of login attempts made from the same IP.
- Install and activate the plugin.
- Once the plugin is active, you can do the setting easily. Please select menu Settings > Limit Login Attempts..
- Total Lockouts: contains the number of failed logins experiment being performed.
- Allowed retries: the number of login attempts allowed for one IP.
- Minutes lockout long time IP blocked.
- Lockout Increase: long time block after several unsuccessful login attempts.
- Hours until retries: Long time blocking system will be reset.
You can also do a blacklist or whitelist certain IP’S by entering the IP in the Whitelist and Blacklist.
Thank you very much for reading How to secure wordpress login, hopefully useful. In short, attacks like brute force on the login page of your website can be anticipated with limiting the number of opportunities the login from the same IP. If you have other ways to anticipate this, please share your comments in the comments field that is available at the end of this post. You can also read WordPress security tips and tricks for more secure your WordPress.