Top 3 Plugins to Protect the WordPress Login Page

In my last security-related post we talked about WordPress backup plugins and how useful they can be when worst comes to worst. I am planning to write a complete guide to WordPress security plugins in the near future, but in the meantime, here is a list of 3 plugins, chosen by popularity, for protecting your WordPress login page.

WordPress by itself currently has no security functions built into the platform. That might change in the future if we look at what happened with WordPress 3.7, where the old WordPress search was replaced with a new and better search. It’s still a work in progress from what I have heard. Either way, I compiled a list of WordPress search plugins just in case.

The reason to install a decent WordPress login page plugin that can protect the wp-admin folder is that so many hackers out there use automated tools to try and crack the login details. When I say hackers, I actually mean script kiddies. Something as simple as a bash script can be created to brute-force the admin login page with hundreds of requests per second. If you go and look at the log file for the wp-admin folder right now, you will find tons of requests to log in with details such as “master”, “admin”, “sysadmin”, etc.
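
One way to run that log check, as an added example that is not part of the original post: the Python below scans an Apache combined-format access log for POSTs to wp-login.php and reports each IP's peak number of failed attempts in a single minute. It assumes WordPress's usual behaviour of answering a failed login with status 200 and a successful one with a 302 redirect; the log lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in Apache "combined" log format (not real traffic);
# the addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "curl/7.30.0"
203.0.113.7 - - [12/Nov/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "curl/7.30.0"
203.0.113.7 - - [12/Nov/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "curl/7.30.0"
203.0.113.7 - - [12/Nov/2013:10:00:02 +0000] "POST /wp-login.php?action=login HTTP/1.1" 200 3512 "-" "curl/7.30.0"
198.51.100.20 - - [12/Nov/2013:10:05:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Nov/2013:10:05:31 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Nov/2013:10:05:44 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.0.2.99 - - [12/Nov/2013:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
this line is truncated garbage
"""

# Captures: ip, timestamp, method, path, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_logins(log_text):
    """Map each IP to its peak number of failed login POSTs in one minute."""
    per_minute = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        ip, ts, method, path, status = m.groups()
        # Drop any query string; endswith() also covers subdirectory installs.
        if method != "POST" or not path.split("?", 1)[0].endswith("/wp-login.php"):
            continue
        # Assumption: 200 = form shown again (failed), 302 = redirect (success).
        if status != "200":
            continue
        minute = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(second=0)
        per_minute[ip][minute] += 1
    return {ip: max(counts.values()) for ip, counts in per_minute.items()}

def suspects(log_text, threshold=3):
    """IPs whose peak failed-login rate reaches the (hypothetical) threshold."""
    peaks = failed_logins(log_text)
    return sorted(ip for ip, peak in peaks.items() if peak >= threshold)

if __name__ == "__main__":
    for ip in suspects(SAMPLE_LOG):
        print(ip, failed_logins(SAMPLE_LOG)[ip])
```

A single mistyped password from a real administrator stays below the threshold, while the scripted burst from one address stands out.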

If you know your way around a server, or have an IP address that doesn’t change every five minutes, you can probably take advantage of .htaccess and protect yourself that way. Otherwise, you can install one of the plugins below to take care of everything.

Hide Login+

This is the perfect plugin for protecting the admin page. It will allow you to create custom URLs for the /wp-admin/ and wp-login.php pages, and you will be the only one who knows them. The only way a hacker could log in if he had your password would be if he also had the secret URL available to him, which is highly unlikely.

Hide Login+ Features:

  • Define custom slugs for WordPress login, logout, registration, forgot password & admin URLs
  • Able to prevent access to wp-login.php and wp-admin directly
  • Custom redirection after login with pre-defined options
  • See your .htaccess content after changes have been made successfully
  • Simple back-to-defaults ability on plugin deactivation

    This won’t secure your website perfectly, but if someone does manage to crack your password, it can make it difficult for them to find where to actually login. This also prevents any bots that are used for malicious intents from accessing your wp-login.php file and attempting to break in.

Hide Login+ @ WordPress Plugins

Login Dongle

This plugin, while not the most time efficient, is also very good at protecting your site from bots and other automated requests, while also keeping the kids out. It’s very simple: you install the plugin and then configure it from the admin dashboard. The trick is that you enter a secret answer, and every time you log in you are required to give that answer.

There are no changes made to the original login page.

Login Dongle @ WordPress Plugins

Stealth Login Page

This plugin is very simple and efficient. It’s similar to the Login Dongle plugin above, but doesn’t require popups to come up on the page. It’s a WordPress plugin that protects the login page by adding a secret word option, which you have to specify in the dashboard.

This in turn means that in order for a hacker to enter the site he will need to know the username, password and the secret key. The only way of getting the secret key would be through access to the database itself, which means that your server is compromised, not WordPress.

Stealth Login Page @ WordPress Plugins

Protect WordPress Login Page With .htaccess

I did mention above that I would provide a solution for people who are more tech savvy. This simple code, which you add to the /wp-admin/.htaccess file, will make sure that only people who have your computer’s IP address will be able to access the folder. We could go as far as adding username/password logins, but I honestly believe there is no need.


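# Apache 2.2-style access control (needs mod_access_compat on Apache 2.4)
# Allow rules are evaluated first, then deny rules; anything matching neither is denied
order allow,deny
#hacker1
deny from 1.2.3.4
#hacker2
deny from 5.6.7.8

#admin1
allow from 127.0.0.1
#admin2
allow from 1.3.3.7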

It’s that simple. I will gladly help you if you leave me a comment that you need help :)