Your site security is paramount and largely affects your performance and credibility as a blogger. One of the attacks you need to protect your WP site against is brute force attack. Brute force attack is where a hacker attempts various permutations and combinations of usernames or passwords to access your WordPress blog. It is well known that the common WordPress admin URL is “wp-admin,” is easy for any hacker to use brute force attacks. This review will focus on how to secure login using two WordPress plugins. One is used to change WordPress admin login URL for WordPress in regards to security and another one is to simply enhance user experience. The report will also include useful resources that will generally help you to improve your web security.
How To Change WordPress Admin Login URL With WPS Hide Login Plugin
If you are looking for a plugin with no complications in changing the admin, then WPS Hide Login is the real deal. It has over 90,000 downloads and is installed by searching “WPS Hide Login” from the WordPress dashboard.
Here is how to change WordPress admin login:
Once the plugin is installed and activated, select Settings > General to have the options configured. On scrolling down to the bottom, there’s an option to configure the “WPS Hide Login” plugin.
Preventing brute force attack using limit login attempt is infective if the hacker is using botnet attack. The hackers run the attack using 90,000+ I. P., this makes it difficult for limit login attempt plugin to work.
Put anything in the blank space which will be your new login URL. When you are the only person handling the blog, use any word you find easy to remember. If you use a complex word, ensure you save the unique login URL in your browser bookmark.
Note that the point is, don’t leave “admin” as a username on your blog when you change admin login WordPress. This means as you create a new user with admin privilege, you should also delete a user with username “admin.”
This is to make the login page hard to discover. Your WordPress login page will be improved greatly. The plugin simply intercepts page requests and integrates with any WordPress website. It doesn’t rename or change any core files neither does it add rewrite rules. Ensure you always have a timely backup of your WordPress blog for a quick recovery once your blog has been compromised. Also, avoid repeating your password on all sites.
See more: Ways to Install Your First-Ever WordPress Theme
How to Improve Your Branding by Changing WP Login and Registration
Several plugins are available in the market that allows you to rename your WordPress login, password reset, register, and logout URLs. This is best when you have a multi-author blog or your WordPress site has multiple users who regularly register or login. IThemes Security is most popular to carry out this task.
Another useful plugin built for renaming WordPress admin login, registration and other pages is Custom Login URL plugin. It’s another easy to use the plugin.
After installation and activation of the plugin go to Settings > Permalink to configure. You can rename the registration URL, lost password URL, logout URL, login URL and authentication redirects. Other ways of how to secure login are:
• Multiple backups
This is a necessity when running a blog or multiple blogs and it gives you quick recovery of your data.
Also, you can check Best Backup WordPress Plugins
• Download plugins from known sources
Some of the most effective elements in the WordPress are plugins. Don’t underestimate them when it comes to your blog’s security. Over 40,000 plugins are in the WordPress repository today and other online markets too.
- Before you download any plugin from anywhere, look for the following
- The plugin’s author, its reviews, comments, and other options related to the given plugin
- Whether the plugin is free or paid
- Whether the author is responsive to the users or not
- Always remember to update your WordPress environment
To have your website running securely is a continuous process. Make a comment about having all your files updated to their latest versions to enhance your website’s security. Moreover, you need to keep your WordPress clean. A clean WordPress environment is free from unused plugins. Deactivated plugins and old themes bring security issues because they are not updated.
• Disable trackbacks
Trackbacks and pingbacks notify that there’s a linked content to another web page. Hackers can use trackbacks to cause a massive distributed denial-of-service attack (DDoS).
• Set file and folder permissions to correct values
Files and folders permissions are set rules that give specific individuals access to write, read, or modify them. The permissions are given with a three-number value to any files and folders.
• Disable login hints
When you type a wrong or a non-existent username on your WordPress website, a hint will tell you that you have either entered a wrong password or it doesn’t match with the username. This presents a golden chance for hackers to intrude your website, and hence, the need to disable it immediately.
Quick Video Review on Change WordPress Admin Login URL
Source: Jason Jones
Conclusion
Hackers are a nuisance to any serious blogger. Much effort and finances go into writing, and hence, don’t put them to waste that is why I recommend you protect your work by enhancing your blog’s security. Also, make it harder for hackers to guess your WordPress admin login URL by changing it because it improves the security of your WordPress blog greatly. If you have a multi-author blog or others also regularly interact with the login and registration page, it is advisable to use another plugin suited to change admin login WordPress.
Here are few more topics that you shouldn’t miss:
Analitify Review: Google Analytics Plugin for WordPress
4 Best Membership Plugins
WP Rocket Review: The Best Cache Plugin for WordPress
Like this post? Don’t forget to share