Flexible, free and convenient, WordPress is currently one of the most famous and popular CMSs in the world. This popularity also makes it a target for hackers who want to gain unauthorized access to WordPress websites for malicious purposes. In this article, HOSTVN shares 11 ways to protect WordPress Admin and make your website more secure against hacker attacks.

11 ways to protect WordPress Admin from attacks

1. Use a strong password


A common mistake most people make is to use a simple password such as 123456, acb@123, a date of birth or a phone number. This makes it easier for hackers to attack your website.

Always use a strong password that includes uppercase and lowercase letters, special characters and numbers. Another common mistake is to use the same password for all of your services. This is very dangerous, because a hacker who learns the password for one service can then gain control of the others. The problem of remembering passwords can be solved by using a password manager application such as RoboForm or LastPass.

2. Do not use admin as your username


Another dangerous habit is to use admin as the username. After installing WordPress, most users keep admin as the login name for the admin page. This makes it easier for hackers to attack your admin page.

Change your username to one that only you know. To do this, see the instructions for changing your username in WordPress.

3. Change the admin login link

By default, the WordPress admin login link takes the form example.com/wp-admin. For added security, HOSTVN recommends that you change this login link to another link that only you know. Changing the login page of the WordPress admin area is very simple. Many security plugins, such as iThemes Security, have this functionality, or you can use the WPS Hide Login plugin.

For how to install plugins for WordPress, see HOSTVN's guide to installing WordPress plugins.

4. Set a two-layer password for wp-admin

You can use the Protect Directory function of hosting management software such as cPanel or DirectAdmin to put a second password layer in front of wp-admin for your website. This is very simple and does not require any plugins. To do this, see the instructions for setting a two-layer password for wp-admin.

5. Use two-factor authentication for WordPress

If you have used services like Gmail or Facebook, you are surely no stranger to two-factor authentication when logging in. You can apply the same protection to your WordPress website.

To turn on two-factor authentication for WordPress, see the instructions on enabling two-factor authentication for WordPress with Google Authenticator.

6. Use SSL for the website


Registering and using SSL certificates for your website is another option to increase the security of your website. For hosting at HOSTVN, SSL is available for free. If you are using hosting at HOSTVN you can enable SSL according to the following instructions:

After enabling SSL, you will need to convert all http links to https. To do this, see the guide for converting HTTP to HTTPS for WordPress.

7. Use a firewall


A firewall for WordPress (also known as a web application firewall, or WAF) acts as a shield between your site and incoming traffic. The firewall monitors your website traffic and blocks common security threats before they reach your WordPress site.

Besides greatly improving the security of your WordPress website, these firewalls often also help speed up your website and increase its performance.

To choose an appropriate firewall, see HOSTVN's article on the top 6 firewalls for WordPress.

8. Limit the number of failed logins

A brute-force attack on WordPress is an attempt to guess a password or username. It works by trying usernames and passwords over and over until the correct combination is found. This is an old attack method, but it is still effective and popular with hackers.

To combat brute-force attacks, limit the number of failed logins; once that number is exceeded, further logins from the suspected IP are blocked. A very simple way to do this is to use the Limit Login Attempts plugin.

9. Hide the error message on a failed login

Whenever a user enters the wrong username or password, WordPress shows an error that specifies which of the two fields was incorrect. This tells hackers what information they can take advantage of to attack your website. For example, if a login attempt reports only a wrong password, the username must be correct, so the attacker only needs to focus on the password instead of the username. To hide the error message on a failed login, add the following code to the functions.php file of the theme you are using.
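One way to do this, as an added example (not the article's original snippet): a late `authenticate` filter replaces the username-specific and password-specific errors with one generic message and leaves other login errors untouched. The function name `example_generic_login_error` and the message text are assumptions.

```php
<?php
// Added example for the active theme's functions.php. Omit the opening
// <?php tag when pasting into a file that already has one.

/**
 * Return the same error whether the username, the email address or the
 * password was wrong, so the login form does not confirm which
 * accounts exist.
 *
 * @param WP_User|WP_Error|null $user Result of the earlier authenticate callbacks.
 * @return WP_User|WP_Error|null
 */
function example_generic_login_error( $user ) {
    // Error codes WordPress core sets for a bad username, email or password.
    $revealing_codes = array( 'invalid_username', 'invalid_email', 'incorrect_password' );

    if ( is_wp_error( $user )
        && array_intersect( $revealing_codes, $user->get_error_codes() ) ) {
        return new WP_Error(
            'login_failed', // hypothetical code chosen for this example
            __( 'Invalid username or password.' )
        );
    }

    // Successful logins and unrelated errors (empty fields, etc.) pass through.
    return $user;
}
// Priority 100 runs after core's own checks, which are hooked at 20 to 99.
add_filter( 'authenticate', 'example_generic_login_error', 100 );
```

Test with a wrong username and then a wrong password for a real account: both attempts should show the same message.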

10. Limit the IP address allowed to access the admin page

Access to the wp-admin area can be restricted to specific IP addresses. To do this, create a .htaccess file inside the wp-admin folder with the following content:

Where xx.xx.xx.xxx is the IP address allowed to access your admin page.
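An added example of such a file (not the article's original content), assuming an Apache server that allows these directives in .htaccess. It covers both Apache 2.4 and 2.2 syntax, and the admin-ajax.php exception is an addition for sites whose plugins or theme call that file from public pages.

```apache
# wp-admin/.htaccess
# Replace xx.xx.xx.xxx with the IP address allowed to reach the admin area.

# Apache 2.4 and later
<IfModule mod_authz_core.c>
    Require ip xx.xx.xx.xxx
</IfModule>

# Apache 2.2
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from xx.xx.xx.xxx
</IfModule>

# Many plugins and themes send front-end AJAX requests to this file,
# so it has to stay reachable for ordinary visitors.
<Files "admin-ajax.php">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Files>
```

After saving the file, confirm from a different network that example.com/wp-admin returns 403 Forbidden while the public site still works.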

11. Always update WordPress, Plugins, themes

You need to make sure that WordPress as well as the plugins and themes you are using are always updated to the latest version. This will help you avoid security holes as they are discovered.


WordPress is a strong and secure platform, but its popularity makes it a target for attacks. The WordPress admin area protection tips above will make your website more secure and help it avoid attacks by hackers. If you have any additional comments, you can leave a comment below to let us know.