
How To Protect and Secure WordPress Login Page


Why is it important to protect and secure the WordPress login page?

The internet grows bigger every day, and as it grows it brings more problems.

If your site becomes popular and draws more visitors, you also attract more haters and bad competitors, and most of them will try hard to set your site back by taking it down or by forcing their way into it without your permission.

So you have to protect your site by securing your login page, “wp-login.php”.

What are the best ways to protect the WordPress login page?

There are many ways to protect your login page from unauthorized access, but in this post we will learn together the best, simplest and fastest ways to protect your site:

  • Brute Force Login Protection Plugin
  • Setting up captcha system
  • Add a small piece of code to the .htaccess file

1- Brute Force Protection Plugin:-

Brute Force Login Protection is the simplest way to protect your site, and it is a very lightweight plugin. After a specified limit of login attempts within a specified time, the IP address of the hacker will be blocked.

It has many useful features, like:

  1. Limit the number of allowed login attempts using normal login form or using Auth Cookies
  2. Manually block/unblock IP addresses or whitelist trusted IP addresses
  3. Option to inform user about remaining attempts on login page
  4. Option to email administrator when an IP has been blocked
  5. Custom message to show to blocked users

Installing, setting up and configuring the Brute Force Login Protection plugin

  1. Install the plugin from the WordPress plugin directory page in your site:
    Admin Dashboard / Plugins / Add New / type “Brute Force Login Protection” in the search bar
    and then click the install button, or upload the files to your wp-content/plugins directory.
  2. Activate the plugin through the WordPress admin panel.
  3. Go to the plugin settings page via Dashboard / Settings / Brute Force Login Protection and set the following options
  4. Allowed login attempts before blocking IP (5)
  5. Check the box for Inform user about remaining login attempts on login page
  6. Check the box for Send email to administrator when an IP has been blocked
  7. Scroll down to “Whitelisted IPs” and whitelist your PC's IP
  8. Sleep deeply :D
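
The blocking rule described above (more than the allowed number of login attempts from one IP within a time window, with whitelisted IPs exempt) can be replayed over a web server access log to see which addresses would be blocked. The Python below is an added example, not the plugin's own code; the 10-minute window, the sample log lines and the treatment of a 302 response as a successful login are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def find_offenders(lines, limit=5, window=timedelta(minutes=10), whitelist=()):
    """Map each IP to the time it exceeded `limit` failed logins within `window`."""
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    blocked = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue                 # only form submissions are login attempts
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        if m["status"] == "302":
            continue                 # assumption: a redirect means the login succeeded
        ip = m["ip"]
        if ip in whitelist or ip in blocked:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:
            attempts.popleft()       # forget attempts older than the window
        if len(attempts) > limit:
            blocked[ip] = ts
    return blocked

def _line(ip, hhmmss, method="POST", status=200):
    # Builds a constructed Apache combined-log line (sample data, not real traffic).
    return (f'{ip} - - [12/Mar/2024:{hhmmss} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 1830 "-" "-"')

SAMPLE = (
    [_line("198.51.100.7", "09:59:59", method="GET")]                     # page view only
    + [_line("198.51.100.7", f"10:00:{s:02d}") for s in range(0, 12, 2)]  # 6 failures in 10 s
    + [_line("203.0.113.9", f"10:{m:02d}:00") for m in range(0, 60, 9)]   # 7 failures, 9 min apart
    + [_line("192.0.2.10", f"11:00:{s:02d}") for s in range(0, 12, 2)]    # admin's own IP
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE, whitelist={"192.0.2.10"}).items():
        print(f"{ip} exceeded the limit at {when:%H:%M:%S}")
```

The slow client at 203.0.113.9 makes more attempts in total but never more than two inside any 10-minute window, so a per-window limit alone does not catch it.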


2- Setting up captcha system:-

A CAPTCHA is a type of challenge-response test used in computing to determine whether or not the user is human. It’s very useful for stopping spam comments and for having users prove that they are humans, not bots.

The best and simplest way to set up a captcha system in WordPress is to install the “Captcha” plugin by BestWebSoft.

Installing, setting up and configuring the Captcha plugin

  1. Install the plugin from the WordPress plugin directory page in your site:
    Admin Dashboard / Plugins / Add New / type “Captcha by BestWebSoft” in the search bar
    and then click the install button, or upload the files to your wp-content/plugins directory.
  2. Activate the plugin through the WordPress admin panel.
  3. Go to the plugin settings page via Dashboard / BWS Plugins / Captcha and set the following options


3- Block WordPress login with .htaccess file:-

  1. Open your site's root folder with an FTP program like FileZilla or through the cPanel page.
  2. Find the .htaccess file, right-click it and choose edit.
  3. You might see a text editor encoding dialog box pop up; just click edit.
  4. Write the following code, and replace “11/22/33/44” with your own PC's IP.
  5. You need to know your IP first.
  6. Click save.
  7. Now no one can access your site's login page except you.
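
# Deny requests for wp-login.php or wp-admin unless they come from the allowed IP.
<IfModule mod_rewrite.c>
RewriteEngine on
# Match the login script or a URI ending in wp-admin
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
# ...when the client address is not yours. Replace 11/22/33/44 with your IP,
# written with escaped dots (the form n\.n\.n\.n), because this is a regex.
RewriteCond %{REMOTE_ADDR} !^11/22/33/44$
# Answer with 403 Forbidden
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>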

Best Practices for a Secure WordPress Login Page

  • Don’t leave your site open to hackers, attackers and unauthorized access.
  • Don’t start editing the .htaccess file if you don’t know how to access your root folder.
  • Don’t be lazy; start protecting your site now, before it’s too late.

If you have any suggestions or questions, just drop me a comment here and I will be very happy to help you.
