Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: 13 Vital Tips and Hacks to Protect Your WordPress Admin Area

  1. #1
    Aquarezz's Avatar
    Aquarezz is offline Master Net Builder
    Join Date
    Dec 2008
    Location
    Belgium
    Posts
    3,846
    Blog Entries
    4
    Thanks
    683
    Thanked 590 Times in 462 Posts

    Thumbs up 13 Vital Tips and Hacks to Protect Your WordPress Admin Area

    Thanks to a tweet on Twitter I came across this interesting post on how to protect your admin area, it's better to prevent than to cure

    The post covers the following points:

    • Create custom login links
    • Pick a strong password
    • Limit login attempts
    • Use secure SSL login pages
    • Password protect wp-admin directory
    • Limit access via IP address
    • Never use admin username
    • Remove error message on the login page
    • Use encrypted password to login
    • Wordpress Antivirus protection
    • Stay updated with the latest WordPress version (so, update it every 40 seconds )
    • One Time password
    • Wordpress firewall plugin


    And you can read the full post here: 13 Vital Tips and Hacks to Protect Your WordPress Admin Area

    What do you think of this post, is it over the top or are you even more secured? I think it goes wrong for most people when choosing a password, people should be choosing much more difficult passwords and only use them once, but unfortunately it doesn't happen just to make it easier for themselves
    |Nico Lawsons

  2. Thanked by:

    tetrapak (7 January, 2011)

  3. #2
    iowadawg's Avatar
    iowadawg is online now Free Cell Champion
    Join Date
    May 2010
    Location
    Not in Texas
    Posts
    2,015
    Blog Entries
    4
    Thanks
    165
    Thanked 353 Times in 302 Posts

  4. #3
    Shenron's Avatar
    Shenron is offline Administrator
    Join Date
    Dec 2008
    Location
    Portugal
    Posts
    1,900
    Blog Entries
    2
    Thanks
    561
    Thanked 548 Times in 368 Posts
    Quote Originally Posted by iowadawg View Post
    Easiest freaking way?
    Instead of wp-admin for the login page?
    RENAME IT!
    That could lead to some problems when upgrading, while allowing others to register, etc etc...
    It's a half decent solution but not safe at all.

    When WP finally provides us with a good upgrading platform I'll bother installing a bunch of new security measures, for now I just keep my regular backups (I guess ).

  5. #4
    iowadawg's Avatar
    iowadawg is online now Free Cell Champion
    Join Date
    May 2010
    Location
    Not in Texas
    Posts
    2,015
    Blog Entries
    4
    Thanks
    165
    Thanked 353 Times in 302 Posts
    If you do not want people to register, great solution.

    The other solution?
    Password protect.

    Either way is better than your ways.

    And damn well secure.

  6. #5
    TopDogger's Avatar
    TopDogger is offline Über Hund
    Join Date
    Jan 2009
    Location
    Hellfire, AZ
    Posts
    2,946
    Thanks
    341
    Thanked 883 Times in 671 Posts
    Quote Originally Posted by iowadawg View Post
    Easiest freaking way?
    Instead of wp-admin for the login page?
    RENAME IT!
    That would be the logical way to do it, but unfortunately you cannot rename the admin directory with WordPress.
    "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin


  7. #6
    iowadawg's Avatar
    iowadawg is online now Free Cell Champion
    Join Date
    May 2010
    Location
    Not in Texas
    Posts
    2,015
    Blog Entries
    4
    Thanks
    165
    Thanked 353 Times in 302 Posts
    It can be done, but it takes like forever to find every instance of wp-admin in all the files and folders and change that to the new name.

  8. #7
    chatterbox's Avatar
    chatterbox is offline Newbie Net Builder
    Join Date
    Jul 2009
    Location
    Australia
    Posts
    141
    Thanks
    15
    Thanked 12 Times in 10 Posts
    Thanks for the share, I use Login LockDown on all my blogs. Coupled with a strong password and current WP version, hopefully I locked in tight
    Sound Unsound is a music forum for Unsigned Artists, Dj's and Producers
    Others: PDA and Smartphone guide | What task will you do for cheap? | Crazy Links 4 Free

  9. #8
    Andy101's Avatar
    Andy101 is offline Code Otaku
    Join Date
    Aug 2009
    Location
    Kanazawa
    Posts
    1,177
    Thanks
    163
    Thanked 297 Times in 224 Posts
    I think changing your login name from admin (using cPanel) and using a strong password should be enough.

    If you only occasionally login to the admin area and have large numbers of blogs, how about changing the file permissions of the wp-admin directory to block public access?

    You can do this by changing the file permissions of the directory using your FTP software such as File Zilla. Change the permissions from 0755 to 0750. This gives an error 404 page to anyone browsing the login page.

    And change the permissions back to 0755 when you want to login again.

  10. #9
    garfish's Avatar
    garfish is offline I'm Not Sure.
    Join Date
    May 2009
    Posts
    846
    Blog Entries
    12
    Thanks
    155
    Thanked 57 Times in 54 Posts
    been using wordpress since 2009 but haven't seen someone actually use custom login links? how do you do this?

  11. #10
    Andy101's Avatar
    Andy101 is offline Code Otaku
    Join Date
    Aug 2009
    Location
    Kanazawa
    Posts
    1,177
    Thanks
    163
    Thanked 297 Times in 224 Posts
    With a login name other than "admin" and a strong password, there is no problem since there would be too many combinations to try and crack it.

Page 1 of 2 12 LastLast

Similar Threads

  1. Blank WordPress Admin Area
    By Andy101 in forum Wordpress
    Replies: 3
    Last Post: 25 October, 2010, 01:05 AM
  2. An Admin's Mind - Adminstrating, Blogging, and other Tips
    By orc_dragoon in forum General Chat
    Replies: 17
    Last Post: 5 July, 2010, 16:37 PM
  3. vital Cheats
    By lexic in forum General Chat
    Replies: 0
    Last Post: 19 April, 2010, 19:15 PM
  4. WordPress Admin Control Panel - Open Site Link
    By vanderkitty jones in forum Wordpress
    Replies: 3
    Last Post: 17 August, 2009, 22:37 PM
  5. Replies: 0
    Last Post: 6 January, 2009, 03:33 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •