[et_pb_section admin_label=“section“][et_pb_row admin_label=“row“][et_pb_column type=“4_4″][et_pb_text admin_label=“Text“ background_layout=“light“ text_orientation=“left“ use_border_color=“off“ border_color=“#ffffff“ border_style=“solid“]
How do I secure the WordPress admin area?
As an IT professional, two things have always been very important to me:
- Backup, restore or generally the security of my data against damage and loss
- Security of applications against theft and unauthorized intrusion or modification
Of course, these two topics also drive me on my website. I was able to solve the backup and restore issue quite well a few months ago, more about that in another post.
The security issue in WordPress has been chewed through on so many websites. I just want to point out what I think is an awesome plugin that will help you protect the WordPress admin area. Security in WordPress is based on many small factors. The more you pay attention to these small factors, the safer the overall concept of the site will be. Here is a small table that will surely help you:
- Adjust table prefix. In a default installation, the prefix is wp_ and should be adjusted to some fantasy value.
- Customize username. For administrative work, do not use the editor access that you also use to write articles. And don’t call the admin admin. “Administrator” is a state, not a name!
- Keep passwords as complex as possible. Yes, I don’t want to write anything more about it. Please make sensible passwords and don’t store them under the keyboard.
- Import updates immediately or promptly. And not only from the WordPress core system, but also from all plugins and themes. You can automate that – and then you only have to check it.
- Do not use files from unclear sources. In other words, I would only use plugins and themes whose origins I know.
Secure the WordPress administrator login area
As a further component, it is recommended to secure the login area of WordPress. The reason and the procedure is quite simple.
By default, the login area can always be reached at the URL http://domain.tld/wp-admin. Now it’s easy to try here to test a working username:password combination. Especially if the administrator is also an administrator, the chance of guessing the correct password increases to 50%.
The WPS Hide Login plugin can help here.
It changes the address to the admin area to a freely selectable value. This can be selected after installing and activating in the admin area under the Settings section.
Now all attacks on the address /wp-admin come to nothing.
I particularly like the simplicity with which the WordPress installation is effectively protected, thumbs up!