Distribute roles and protect login area

Distribute roles and protect login area

Distribute roles & register securely

With the WordPress login, users log in to the backend of the WordPress installation or in the member area of ​​the website. As WordPress is used on millions of websites, hackers attack the system and try to gain access to the websites’ backend. Find out now how to integrate the WordPress login into the frontend, how to assign roles, how to hide the login page from cybercriminals and limit login attempts.

Access the backend with your WordPress login

After installing WordPress, the administration area can be reached via a standard URL. During the initial setup, there is only one administrator account with access rights. The admin can add additional users if required and restrict their rights using roles. To access the WordPress administration area, open www.meine-seite.de/wp-admin, where “meine-seite.de” corresponds to your domain name.

Show WordPress login in frontend

With the plugin Frontend Dashboard you create a custom login page.

If your site has a members area, you must display the login on the home page. After the WordPress installation, the meta widget for logging in to most themes is already installed. You can find it under the menu item “Design” and “Widgets”. If you don’t like the way it is displayed, you can alternatively use a plugin such as Frontend Dashboard or Custom Login Page Customizer. This allows you to create individual login and register pages quickly and easily.

WordPress login and user roles

If you run your website with other employees, each user should have their own account with a username and password. In WordPress you can assign various roles with which you can restrict access rights individually.

Add users, assign roles and restrict access rights

Log into the backend with your account as an administrator.

Add User

Distribute WordPress login roles and add login area protect_userAdd a new user and assign a role.

For a new user, click on “User” and “Add new” in the backend. You have to enter your username and e-mail, the password will be generated automatically and sent to you by e-mail.

assign role

For the roles you have the choice between:

  • subscriber: Cannot change the content, but can register for the members area and, for example, comment on posts.
  • employees: Can add content but not self-publish; the author or editor is responsible for publication.
  • author: Creates and manages its own content, but cannot edit other users’ posts.
  • editor: Can edit content, manage categories and moderate comments.
  • Administrator: Has full access to posts, pages, theme, users and plugins.

Hide and protect WordPress login

Hackers access the login page and try to crack the password, for example using brute force attacks. You have various options available to make the work of cybercriminals more difficult.

Tip: Don’t use standard usernames like “admin” or weak passwords.

Hide login under different URL

Distribute WordPress login roles and protect login area_wps-hide-loginThe WPS Hide Login extension changes the login URL.

First, you can change the default URL used to access the login. The task is performed by the WPS Hide Login plugin. After the installation, open the settings and change the login URL to logmein, for example. Click on “Save”. The tool also prevents unregistered users from accessing wp-login.php and the WP admin directory.

Important: After saving, the admin area or member area can be reached via www.meine-seite.de/logmein, the old login page no longer works.

Limit number of login attempts

The Login LockDown extension temporarily locks the WordPress login after a specified number of failed login attempts. Brute force attacks launched by hackers are aborted after a few attempts.

summary

The WordPress login regulates access to the backend or the member area, you assign user rights using the roles. Subscribers need a login area in the frontend to register. You should change the login URL to be on the safe side and avoid a series of automated hacker attacks.

Secure WordPress login Previous post Secure WordPress login
How can I log into WordPress? Next post How can I log into WordPress?