Thread: 13 Vital Tips and Hacks to Protect Your WordPress Admin Area

Thanks to a tweet on Twitter I came across this interesting post on how to protect your admin area, it's better to prevent than to cure

The post covers the following points:

• Create custom login links
• Pick a strong password
• Limit login attempts
• Use secure SSL login pages
• Password protect wp-admin directory
• Limit access via IP address
• Never use admin username
• Remove error message on the login page
• Use encrypted password to login
• Wordpress Antivirus protection
• Stay updated with the latest WordPress version (so, update it every 40 seconds )
• One Time password
• Wordpress firewall plugin

And you can read the full post here: 13 Vital Tips and Hacks to Protect Your WordPress Admin Area

What do you think of this post, is it over the top or are you even more secured? I think it goes wrong for most people when choosing a password, people should be choosing much more difficult passwords and only use them once, but unfortunately it doesn't happen just to make it easier for themselves

Easiest freaking way?
Instead of wp-admin for the login page?
RENAME IT!

Originally Posted by iowadawg

Easiest freaking way?
Instead of wp-admin for the login page?
RENAME IT!

That could lead to some problems when upgrading, while allowing others to register, etc etc...
It's a half decent solution but not safe at all.

When WP finally provides us with a good upgrading platform I'll bother installing a bunch of new security measures, for now I just keep my regular backups (I guess ).

If you do not want people to register, great solution.

The other solution?
Password protect.

Either way is better than your ways.

And damn well secure.

Originally Posted by iowadawg

Easiest freaking way?
Instead of wp-admin for the login page?
RENAME IT!

That would be the logical way to do it, but unfortunately you cannot rename the admin directory with WordPress.

It can be done, but it takes like forever to find every instance of wp-admin in all the files and folders and change that to the new name.

Thanks for the share, I use Login LockDown on all my blogs. Coupled with a strong password and current WP version, hopefully I locked in tight

I think changing your login name from admin (using cPanel) and using a strong password should be enough.

If you only occasionally login to the admin area and have large numbers of blogs, how about changing the file permissions of the wp-admin directory to block public access?

You can do this by changing the file permissions of the directory using your FTP software such as File Zilla. Change the permissions from 0755 to 0750. This gives an error 404 page to anyone browsing the login page.

And change the permissions back to 0755 when you want to login again.

been using wordpress since 2009 but haven't seen someone actually use custom login links? how do you do this?

With a login name other than "admin" and a strong password, there is no problem since there would be too many combinations to try and crack it.