Easiest freaking way?
Instead of wp-admin for the login page?
Thanks to a tweet on Twitter I came across this interesting post on how to protect your admin area, it's better to prevent than to cure
The post covers the following points:
- Create custom login links
- Pick a strong password
- Limit login attempts
- Use secure SSL login pages
- Password protect wp-admin directory
- Limit access via IP address
- Never use admin username
- Remove error message on the login page
- Use encrypted password to login
- Wordpress Antivirus protection
- Stay updated with the latest WordPress version (so, update it every 40 seconds )
- One Time password
- Wordpress firewall plugin
And you can read the full post here: 13 Vital Tips and Hacks to Protect Your WordPress Admin Area
What do you think of this post, is it over the top or are you even more secured? I think it goes wrong for most people when choosing a password, people should be choosing much more difficult passwords and only use them once, but unfortunately it doesn't happen just to make it easier for themselves
It's a half decent solution but not safe at all.
When WP finally provides us with a good upgrading platform I'll bother installing a bunch of new security measures, for now I just keep my regular backups (I guess ).
Thanks for the share, I use Login LockDown on all my blogs. Coupled with a strong password and current WP version, hopefully I locked in tight
I think changing your login name from admin (using cPanel) and using a strong password should be enough.
If you only occasionally login to the admin area and have large numbers of blogs, how about changing the file permissions of the wp-admin directory to block public access?
You can do this by changing the file permissions of the directory using your FTP software such as File Zilla. Change the permissions from 0755 to 0750. This gives an error 404 page to anyone browsing the login page.
And change the permissions back to 0755 when you want to login again.
been using wordpress since 2009 but haven't seen someone actually use custom login links? how do you do this?