Securing WordPress Admin Panel. Any tips please?

So, now that we have a blog, it's really important to secure the admin access of our website.

I have read some articles and the official WordPress site for tips to secure the admin access. One way is to have a different URL for logging in than the default wp-admin directory, and to prevent direct access to the wp-admin URL.

Secondly, we can restrict the no. of attempts a user can make to log in.

While I was reading all these things, some people say to use plugins for all the stuff, while it can be done manually too.

Obviously using plugins would make the work pretty fast, but wouldn't so many plugins increase the site loading time and may affect site performance?

Secondly, please if someone knows some better ways to secure WP login, then please tell.

Help needed.

Thanks in advance.

Replies

  • Manish Goyal
    You can install PHPIDS; it will simply block any user in case of suspicious activity.
  • Sanyam Khurana
    What I have now done is installed a plugin named Better WP Security, plus done some tweaks with the .htaccess file of WordPress, and changed the default URL for accessing the admin panel to something else.

    The default admin URL now redirects to the homepage, i.e. #-Link-Snipped-# is now redirected to #-Link-Snipped-#

    Only admins would know what the URL is for logging in to the backend of the site.

    Moreover, I have removed any error messages that may be shown when a user enters a wrong password etc.

    Plus, I have also secured the database, and generated automated backups of the site.

    I have also hidden the version of WordPress the blog is on, and all the additional information that a blog may just give away.

    Done much!

    Can't disclose everything 😛
  • Sanyam Khurana
    And yes, reduced the no. of login attempts for a particular IP, and particular user account.

    I am thinking of automatically blacklisting the node if several login attempts fail, but this requires caution, as it may happen that if the system somehow blocked me, the website wouldn't be accessible by anyone.
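
The lockout concern raised in the reply above, as an added example that is not part of the thread or of any plugin named in it: failed logins are counted per IP and per account in a sliding window, locks expire on their own, and allowlisted admin addresses are never locked out. The class name, thresholds and documentation-range addresses are assumptions.

```python
import ipaddress
import time
from collections import defaultdict, deque


class LoginThrottle:  # hypothetical helper: failed-login limiter per IP and account
    def __init__(self, max_per_ip=5, max_per_user=10, window=900,
                 lockout=1800, allowlist=()):
        self.limits = {"ip": max_per_ip, "user": max_per_user}
        self.window = window      # seconds in which failures are counted
        self.lockout = lockout    # seconds a lock lasts before it expires
        # Admin networks that are never locked out; keep this list small.
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.fails = defaultdict(deque)   # (kind, value) -> failure timestamps
        self.locked = {}                  # (kind, value) -> unlock time

    def _allowlisted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allow)

    def is_blocked(self, ip, user, now=None):
        """Call before checking the password; True means refuse the attempt."""
        now = time.time() if now is None else now
        if self._allowlisted(ip):
            return False  # failures against "admin" cannot lock the admin out
        keys = (("ip", ip), ("user", user))
        return any(self.locked.get(k, 0) > now for k in keys)

    def record_failure(self, ip, user, now=None):
        """Call after a wrong password; locks the IP or account at its limit."""
        now = time.time() if now is None else now
        if self._allowlisted(ip):
            return
        for key in (("ip", ip), ("user", user)):
            q = self.fails[key]
            q.append(now)
            while q[0] <= now - self.window:   # drop failures outside the window
                q.popleft()
            if len(q) >= self.limits[key[0]]:
                self.locked[key] = now + self.lockout  # temporary, not permanent
                q.clear()


if __name__ == "__main__":  # constructed sample with a fixed clock
    t = LoginThrottle(max_per_ip=3, allowlist=["203.0.113.10/32"])
    for i in range(3):
        t.record_failure("198.51.100.7", "admin", now=1000 + i)
    print(t.is_blocked("198.51.100.7", "admin", now=1003),
          t.is_blocked("203.0.113.10", "admin", now=1003))
```

The per-account counter catches attempts spread across many addresses, which a per-IP limit alone misses.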
  • Manish Goyal
    Nice, but still I don't think WordPress is a much more secure CMS as compared to others.

    FYI: recently the Truecaller database was also hacked, and it was due to some bug in WordPress.

    Just a tip: install plugins that have the maximum rating; avoid using unwanted plugins or ones that don't have many ratings.
  • Sanyam Khurana
    Manish Goyal
    Nice, but still I don't think WordPress is a much more secure CMS as compared to others.

    FYI: recently the Truecaller database was also hacked, and it was due to some bug in WordPress.

    Just a tip: install plugins that have the maximum rating; avoid using unwanted plugins or ones that don't have many ratings.
    Yeah!

    I'm observing that for each plugin, and there's not a single site in this world which can't be hacked, just our precautions make us stronger among others 😉
  • avii
    Where have you hosted your blog? Is it on your server or shared hosting or your own machine?

    The simplest solution for a starter is to not allow HTTP GET/POST requests for the admin pages from any IP address other than yours.
  • Abhishek Rawal
    @#-Link-Snipped-# IDK why, but I think we should try 'Ghost' for once, since we don't have much content on the website.
  • Sanyam Khurana
    Someone just recently tried to hack the site, around three days back, but the system successfully blocked his IP..

    Phew..!!

    @#-Link-Snipped-# I'll try that thing..
