WordPress is the most popular CMS in the world because it makes building a website easy. Although it is a free CMS, it still comes at a price. WordPress is very predictable, which sometimes makes it an easy target.
Take the login page as an example.
Every WordPress website has the same login page (/wp-admin or /wp-login.php). Combine that predictability with people's tendency to use weak passwords, and this page becomes an attractive target for hackers.
Security experts say the login page is the most vulnerable page on a website. Every day, hackers deploy bots to brute-force this page. By finding your login credentials, they can easily access your CMS. Therefore, you must do your best to protect it from these uninvited guests.
In this article, we will show you five advanced methods to improve the security of your login page and prevent hacking.
How to protect the WordPress login page in 2022
There is a lot of bad advice in the field of network security. Most of it aims to frighten people and push them into compulsive choices. In this article, we will show you methods that actually work, without adding to the noise. Those are:
- Changing the login page URL
- Implementing two-factor authentication
- Limiting failed login attempts
- Preventing username discovery
- Using auto logout
You may have noticed that we do not mention installing an SSL certificate. That's because it is a given. We hope you already have this in place. See our other guides to learn how to do this.
Note: To implement the measures we mention below, you need to install one or two plugins. And we know that even the best plugins can cause failures.
Therefore, back up your website before continuing.
Now, let's start:
1. Change the login page URL
As we said at the beginning of the article, the default WordPress login page looks like this:
www.website.com/wp-admin/
www.website.com/wp-login.php
Everyone knows this, including hackers who design bots to target the WordPress login page. And because 59% of Americans use weak passwords [1], it is all too easy to break into a website by brute-forcing the login page.
A method to protect the login page is to change the URL.
It is easy to create a new custom login page URL. There are many plugins available that let you do this in a few clicks.
We will use the WPS Hide Login plugin to demonstrate the process, but if you prefer another plugin, go ahead. The steps are simple and fast.
How to change your WordPress login URL
- Install and activate WPS Hide Login.
- Go to Settings → WPS Hide Login.
- Scroll down to the bottom of the page, insert a new URL in the Login url field, and then click Save Changes.
Try to log in with the new URL. Don’t forget to share with your teammates.
If you need help, here is our dedicated guide: how to change your WordPress login page URL.
2. Implement two-factor authentication
You must have encountered two-factor authentication when using Facebook and Gmail. Whenever you try to log in to your account, these services usually send a unique code to your registered mobile phone number. This security measure ensures that only the account owner can access the account. Even if a hacker gets hold of your credentials, they cannot steal the unique code sent to your registered mobile phone number.
Two-factor authentication can also be applied to your WordPress website. It adds a layer of security to the login page. All you need to do is install one of these plugins:
- Google Authenticator by miniOrange - Two Factor Authentication (2FA)
- WP 2FA
Setting up a two-factor authentication plugin is very easy. We will show you the setup process with miniOrange's Google Authenticator.
How to implement two-factor authentication
Install miniOrange's Google Authenticator on your WordPress website. Once you activate the plugin, a set of options will appear. Select the first option, Google Authenticator.
Next, install the Google Authenticator app on your smartphone. Open the app and scan the QR code.
The app generates a code. Enter it in the widget and click Save.
3. Limit failed login attempts
WordPress allows its users an unlimited number of login attempts. This sounds harmless, but honestly, it is an obvious security loophole.
Unlimited login attempts let hackers carry out brute-force attacks. In this type of attack, hackers deploy bots to find the correct combination of username and password. Before finding the correct credentials, the bot will fail several times. One of the most effective ways to fight bot attacks is to limit login attempts.
The plugins below will help you do this:
- Limit Login Attempts Reloaded
- WP Limit Login Attempts by Arshid
How to limit failed login attempts
Install the plugin, and then go to Limit Login Attempts → Settings → Local App. Here, you can set how many login attempts are allowed on your website, and how long someone will be locked out after exceeding that number.
4. Prevent username discovery
Generally, the username is considered less important than the password. It is public information, which is why we assume it must be low-value. Wrong.
The username makes up half of your credentials. It must be protected, just like a password.
On a WordPress website, the username is displayed in posts and in author archives. Fortunately, there is a way to disable both.
This can be done with the help of any SEO plugin. In the tutorial below, we use Yoast SEO to demonstrate.
Go to SEO → Search Appearance → Archives, disable the author archives, and then save your changes.
How to change the display name
The display name is shown in published articles and comments. By default, the display name is the same as the username (the name used for logging in). To prevent the username from being discovered, you can change the display name to something else.
Go to Users → Profile → Nickname, and then select the name from the drop-down menu below.
5. Use auto logout
By default, WordPress logs a user out when the login session cookie expires after 48 hours. If the user ticks the "Remember Me" box, they stay logged in for 14 days. To terminate a session after a period of idle time, you need to install a separate plugin.
- iThemes Security
How to enable auto logout
Logout → Basic Management. Set the idle timeout. There is also a role-based timeout option. Take a look at it if you like.
Conclusion about WordPress login security
That's it! Before you leave this page, one last piece of advice: improving the security of your WordPress login brings you closer to securing your entire website. That is the ultimate goal!
Even if you implement measures to prevent hackers from breaking into your website through the login page, intruders can still gain access through vulnerable themes and plugins. Therefore, keep your website updated at all times. To further protect your website, we strongly recommend that you take all the security measures covered in this guide: 10 key WordPress security tips.
If you have any questions about how to deal with WordPress login security, please tell us in the comments below.
Reference [1] https://www.comparitech.com/blog/information-soability/Password-Statistics/