Currently, WordPress Powers 31% Percent of the total websites in the world. This sounds great, but at the same moment, it reminds us of its exposure to Hackers.
WordPress is itself secured and time to time updated with new security features and standards But Installing plugins Makes it Vulnerable.
Moreover, outdated plugins are quickly and usually Targeted by Hackers. The best thing you can do is to “Secure The Wp-admin Directory,” and I prefer it’s the first thing you must do.
If you have a multi-author blog, follow this tutorial right now. Your blog is more prone to attackers than single-author blogs when you share your login URL with others.
Always keep your login URL confidential and share it with only trusted people.
To Secure The Wp-admin Directory is an easy task, I will make it simpler for you.
Methods we will use in this tutorial:
- With a Plugin
- Without a Plugin
After you have found the plugin, click on Install Now. Let the installation process get completed.
- Step 2
- 2nd Method
- Step 1
- Step 2
- Hardening With WordPress Security Plugin
Now when you have successfully installed the plugin, you can head towards the General settings and scroll down to the bottom.
Here you will find your login URL slug changed from “/wp-admin” as “login” by default you can change your slug in anything you want.
* Note – keep in mind, that you want your users to keep a distance from your WordPress login window so try to avoid slugs like “admin” “administrator” “your name” etc.
This requires a little bit of technical knowledge, and beginners are advised to follow the above method, which is very, very easy.
Login to your C-panel. If you don’t know how to, log in to your Web Host account and look for the Admin management section or simply if you know your credentials, go to yourdomain.com/cpanel.
From there, head towards the “Directory Privacy” section and click to open. Look for the “public_html” folder and click to open. Now you will see your “Wp-admin” directory. Click to open, and a screen like this will be shown:-
First, Click on the box against the “password protect this directory option,” then hit save. Do Not fill the password and username before hitting the first save button. Now click on the back option shown on the next screen.
After you have come back, fill out the details as mentioned and click on the second save button. You have now successfully secured your wp-admin directory. Now your login page will look like this:
Go Ahead and Try to login and check if everything is working fine.
Hardening With WordPress Security Plugin
Now that you have secured your wp-admin directory, You must harden the overall security of your WordPress site.
You should read about the best WordPress security plugins to keep your site secure from overall threats and vulnerabilities.
I recommend using either Sucuri or CleanTalk. They both provide a web application firewall and IP checking wp-admin security.
You don’t need any fancy plugin like Wordfence. They don’t have any admin protection feature, which means they’ll only increase your database size and server load. You would also like to read when wp-admin redirects to a 404 page or refreshes.
I would love to hear about your experience with the above methods in the comments.