Securing WordPress Admin Panel. Any tips please?

Sanyam Khurana

@sanyam-Nl7Zqc Oct 25, 2024
So, now that we have a blog, it's really important to secure the admin access of our website.

I have read some articles and the official WordPress site for tips to secure the admin access. One way is to have a different URL for logging in than the default wp-admin directory, and to prevent direct access to the wp-admin URL.

Secondly, we can restrict the number of attempts a user can make to log in.

While I was reading all these things, some people say to use plugins for all the stuff, while it can be done manually too.

Obviously using plugins would make the work pretty fast, but wouldn't so many plugins increase the site loading time and affect site performance?

Secondly, if someone knows some better ways to secure WP login, then please tell.

Help needed.

Thanks in advance.

Replies

  • Manish Goyal

    @manish-r2Hoep Nov 15, 2013

    You can install PHPIDS; it will simply block any user in case of suspicious activity.
  • Sanyam Khurana

    @sanyam-Nl7Zqc Nov 15, 2013

    What I have now done is installed a plugin named Better WP Security, plus done some tweaks to the .htaccess file of WordPress, and changed the default URL for accessing the admin panel to something else.

    The default admin URL now redirects to the homepage, i.e. #-Link-Snipped-# is now redirected to #-Link-Snipped-#

    Only admins would know what the URL for logging in to the backend of the site is.

    Moreover, I have removed any error messages that may be shown when a user enters a wrong password etc.

    Plus, I have also secured the database, and set up automated backups of the site.

    I have also hidden the version of WordPress the blog is on, and all the additional information that a blog may just give away.

    Done much!

    Can't disclose everything 😛
  • Sanyam Khurana

    @sanyam-Nl7Zqc Nov 15, 2013

    And yes, reduced the number of login attempts for a particular IP, and a particular user account.

    I am thinking of automatically blacklisting the node if several login attempts fail, but this requires caution, because if the system somehow blocked me, the website wouldn't be accessible by anyone.
  • Manish Goyal

    @manish-r2Hoep Nov 15, 2013

    Nice, but still I don't think WordPress is a much more secure CMS as compared to others.

    FYI: recently the Truecaller database was also hacked, and it was due to some bug in WordPress.

    Just a tip: install plugins that have the maximum rating, and avoid using unwanted plugins or ones that don't have many ratings.
  • Sanyam Khurana

    @sanyam-Nl7Zqc Nov 15, 2013

    Manish Goyal
    Nice, but still I don't think WordPress is a much more secure CMS as compared to others.

    FYI: recently the Truecaller database was also hacked, and it was due to some bug in WordPress.

    Just a tip: install plugins that have the maximum rating, and avoid using unwanted plugins or ones that don't have many ratings.

    Yeah!

    I'm observing that for each plugin, and there's not a single site in this world which can't be hacked; just our precautions make us stronger among others 😉
  • avii

    @avii-TGGs8o Nov 22, 2013

    Where have you hosted your blog? Is it on your server, shared hosting, or your own machine?

    The simplest solution for a starter is to not allow HTTP GET/POST requests for the admin pages from any IP address other than yours.
  • Abhishek Rawal

    @abhishek-fg9tRh Nov 23, 2013

    @#-Link-Snipped-# IDK why, but I think we should try 'Ghost' for once, since we don't have much content on the website.
  • Sanyam Khurana

    @sanyam-Nl7Zqc Nov 23, 2013

    Someone just recently tried to hack the site, around three days back, but the system successfully blocked his IP.

    Phew..!!

    @#-Link-Snipped-# I'll try that thing..
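
Added example (not code from any poster in this thread or from a WordPress plugin): a small Python model of the login limiting discussed above, with per-IP and per-account counters, temporary lockouts instead of a permanent blacklist, and an allowlist so the admin cannot be locked out. The thresholds, class and function names, and all IP addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW, LOCKOUT = 300, 900          # assumed: counting window and lockout, in seconds
MAX_PER_IP, MAX_PER_USER = 5, 10    # assumed: failures allowed inside WINDOW
# Constructed admin address; allowlisted sources skip the limiter, so list only static IPs you control.
ALLOWLIST = [ipaddress.ip_network("203.0.113.10/32")]

class LoginLimiter:
    def __init__(self):
        self.failures = defaultdict(deque)   # ("ip"|"user", value) -> failure times
        self.locked_until = {}               # same keys -> unlock time

    def _allowlisted(self, ip):
        return any(ipaddress.ip_address(ip) in net for net in ALLOWLIST)

    def is_blocked(self, ip, user, now):
        if self._allowlisted(ip):
            return False                     # the admin can always reach the login form
        return any(self.locked_until.get(k, 0) > now for k in (("ip", ip), ("user", user)))

    def record_failure(self, ip, user, now):
        if self._allowlisted(ip):
            return
        for key, limit in ((("ip", ip), MAX_PER_IP), (("user", user), MAX_PER_USER)):
            q = self.failures[key]
            q.append(now)
            while q[0] <= now - WINDOW:      # drop failures older than the window
                q.popleft()
            if len(q) >= limit:              # temporary lock, expires by itself
                self.locked_until[key] = now + LOCKOUT
                q.clear()

def replay(events):
    """events: (time, ip, user, password_ok) tuples; returns one decision per event."""
    lim, out = LoginLimiter(), []
    for now, ip, user, ok in events:
        if lim.is_blocked(ip, user, now):
            out.append("blocked")
        elif ok:
            out.append("ok")
        else:
            lim.record_failure(ip, user, now)
            out.append("fail")
    return out

# Constructed sample: one source guessing at "admin", then the real admin logging in.
SAMPLE = [(t, "198.51.100.7", "admin", False) for t in range(6)]
SAMPLE += [(6, "203.0.113.10", "admin", True), (905, "198.51.100.7", "admin", False)]
```

Because the account counter is separate from the IP counter, guesses spread across many addresses still lock the account for other sources, while the allowlisted address keeps working.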