Hackers have taken control of the world. With enough information security statistics, no system is secure. Hackers are evolving. There are enough tools and technologies online to teach anyone to become a hacker easily. Any system is not completely secure, everything can be hacked. The reason is simple. Creativity has no limitations, and it is difficult for any system to block the human mind. But we can’t leave WordPress because we believe we will be hacked one day. The weak link of WordPress is the login page. Anyone knows its limitations, and hackers especially want the login page to access the WordPress dashboard. Once hackers reach the dashboard, they will have unlimited power, which can easily lead the website into chaos.
The correct use of security plug-ins, conventions and one-time changes to the WordPress platform can reduce the possibility of being invaded by hackers. There are many plug-ins, tutorials and other projects to help achieve this. Today, let’s see how to protect WordPress login from hackers. Table of contents 1 Use login attempt limit 2. Restrict WordPress administrator login to IP address 3. For single IP address access: 4. Change the default user name from admin to another name. 5. Use creative long password 6. Use Google security character 7. Change the default URL of the login page 1. Burteforce attacks that limit login attempts are common. Hackers will try all possible combinations and find out which combination to run. How can we stop it? Do you want to limit the number of login attempts? Yes, that’s right.
Moreover, in order to obtain the desired results, it is best to use the limit login attempts plug-in. The plug-in has more than one million installations and is fully compatible with the latest version 4.1.1. You can use the plug-in to limit the number of retries for login prompts. If violated, the IP will be blocked and any attempt not to discriminate against the WordPress landing page will be blocked. login attempt restrictions here. 2. If the user needs to use the IP address to access the WordPress administrator login restricted management area, please put this code in the root document of the domain. Add to the htaccess file and make sure show hidden files is selected.
3. Single IP address access: Male
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)? wp-login\. php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)? wp-admin$
RewriteCond %{REMOTE_ADDR} !^ 123\.123\.123\.123
$
RewriteRule ^(.*)$ – [R=403,L]
For multiple IP access:
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)? wp-login\. php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)? wp-admin$
RewriteCond %{REMOTE_ADDR} !^ 123\.123\.123\.121$
RewriteCond %{REMOTE_ADDR} !^ 123\.123\.123\.122$
RewriteCond %{REMOTE_ADDR} !^ 123\.123\.123\.123$
RewriteRule ^(.*)$ – [R=403,L]
Male 123 \. 123 \. 123 \. 123 \. 121 need to change to your own IP address. If you don’t know, visit: whatismyipaddress. com
4. Change the default user name from admin to another name. I’ve been using WordPress for the past six months. Hundreds of WordPress have one thing in common with Klein
I handled t. The user name of the blog is \
Let’s start with the following topics: In order to protect the creativity of password, 5. We all like short and sweet passwords because they are easy to remember and use. But the cost is high. Fragile passwords such as 123456, name123 and schooname123 are often used by hackers to join login pages indiscriminately. By default, the indifference input dictionary contains all these passwords, and you can easily crack the login page in a few minutes. So what is a good password? All alphanumeric passwords that contain letters, special characters, and numbers are the best passwords. But the problem is that users may create very simple passwords. For example, the combination of name123# can be easily cracked by using indifference substitution attack.
What are the ways to overcome human errors when generating passwords? The answer is to use an automatic password generator. The most famous is random. Org password generator. The password generator generates high-strength passwords. 6. Use Google secure SMS. I like Google secure SMS. Provide default login protection for WordPress pages. In my wordpress blog, use login restrictions and Google security characters. One is that it works well, but it provides better automated and undifferentiated attack protection than the login restriction plug-in, so we will oppose it.
WordPress can find a large number of Google captcha plug-ins, but best websoft plugin’s Google captcha is the best choice. We implemented Google captcha concisely on the login page. In addition, you can use plug-ins and other formats in WordPress blogs to expand the use of Google captcha in WordPress blogs. 7. Change the default URL on the login page. I have mentioned how hackers can maliciously take advantage of the preferences set during the installation of WordPress. Another very vulnerable aspect is the login page URL.
The default URL page for WordPress login is www.websitename. com\/wp-admin。 So, what’s the clue here? The best way is to change the login page of WordPress website. In this way, most hackers will leave the first instance without finding the login page. The login change page is ideal for organizations where many users work on the WordPress website and continue to log in and out of the system. In WP management, there are excellent articles about the change of the default URL of the login page. It is recommended to change the default login URL to a different one through the link.
The final login page is the entry point to the most powerful location on all websites, such as the WordPress dashboard. On the dashboard (with the right permissions), you can easily change all other aspects of the site. Dashboards can also be used to conquer the entire website and steal important information about plug-ins, settings and content. In order to protect the website from hacker attacks, it is recommended to back up the website regularly. Sites are usually backed up by a site hosting provider, but the general rules for creating direct backups are
There are rules. WordPress is an amazing platform, but if you don’t manage the default security settings, you can easily give hackers the motivation to invade the system. The login page encountered an unsafe problem. The login history always shows that someone tried to log in. We use Google captcha and restrict login attempts to completely minimize wrong login attempts. Do you have anything to add to the story? Please leave comments below and let me know.
