Protecting WordPress ADMIN & LOGIN URL
HI All...
Just a week or two ago I read a thread advising anyone running Wordpress to just change the folder /wp-admin/ 's name to protect an installation from unauthorized access.
I thought the idea was very poor and rather cumbersome to implement. There had to be much better solutions. There are many. Below I'll outline just a few of them.
First, to protect your login:
1. The obvious. A great password. I don't mean something 6 or 8 characters long, but try using 14 or 16 characters that included letters, CAPS and numbers and could only be any meaning to you. Then "remember" the access info using a tool such as ROBOFORM (RoboForm: Password Manager, Form Filler, Password Management), which I will say is my #1 time saver.
2. Then you can install a plugin called LOGIN LOCKDOWN (Bad Neighborhood - Login LockDown WordPress Security Plugin) which I just started using and it works elegantly to protect the WORDPRESS LOGIN page. There are a few variables to set in ADMIN once installed just like a typical plugin, but that will take a min. You'll be able to restrict access to a range of IP addresses or just your static IP. Your setup will allow "X" failed attempts before locking out another user. Just be careful that you do remember the user info!!!
3. Lastly, IF you want to do even more to protect your /wp-admin/ folder, there are options that use .htaccess files to restrict access, again by IP address(es). You can checkout a plugin such as ASKAPACHE PASSWORD PROTECT (Password Protect your Blog with Apache .htaccess and .htpasswd). This is a very serious piece of software and as it says, puts a very thick brick wall between your work and malicious attacks. But, it does take some know-how and a bit of time to implement. However, when your site pays the mortgage, it's worth it.
4. Just a TIP: Now it's easier than ever to back up a database. The back-end OS (like Parellals -former PLESK, and cPANEL) easily allow an Admin to setup a back up routine to run a DAILY or WEEKLY or even a MONTHLY BACK UP. Setup and leave the server to do the work. You can even specify a back up server/account or even a local pc to back up the db via FTP. This will then be your last line of defense. No matter what happens you can restrict the data loss to just a few days and setup again after a server crash (or a fire as I had once!
) and get back on your feet.
FEAR NOT: I am sure a few of you will fear installing a plugin like this and getting locked out of your own admin. Fear not... If for some buzzar reason you do get locked out, just use your FTP access to go to the plugin directory and just delete the offending security plugin. Then it will "deactivate" automatically, and you're back in business. So, don't fear.
Sucess,
Sam
Just a week or two ago I read a thread advising anyone running Wordpress to just change the folder /wp-admin/ 's name to protect an installation from unauthorized access.
I thought the idea was very poor and rather cumbersome to implement. There had to be much better solutions. There are many. Below I'll outline just a few of them.
First, to protect your login:
1. The obvious. A great password. I don't mean something 6 or 8 characters long, but try using 14 or 16 characters that included letters, CAPS and numbers and could only be any meaning to you. Then "remember" the access info using a tool such as ROBOFORM (RoboForm: Password Manager, Form Filler, Password Management), which I will say is my #1 time saver.
2. Then you can install a plugin called LOGIN LOCKDOWN (Bad Neighborhood - Login LockDown WordPress Security Plugin) which I just started using and it works elegantly to protect the WORDPRESS LOGIN page. There are a few variables to set in ADMIN once installed just like a typical plugin, but that will take a min. You'll be able to restrict access to a range of IP addresses or just your static IP. Your setup will allow "X" failed attempts before locking out another user. Just be careful that you do remember the user info!!!
3. Lastly, IF you want to do even more to protect your /wp-admin/ folder, there are options that use .htaccess files to restrict access, again by IP address(es). You can checkout a plugin such as ASKAPACHE PASSWORD PROTECT (Password Protect your Blog with Apache .htaccess and .htpasswd). This is a very serious piece of software and as it says, puts a very thick brick wall between your work and malicious attacks. But, it does take some know-how and a bit of time to implement. However, when your site pays the mortgage, it's worth it.
4. Just a TIP: Now it's easier than ever to back up a database. The back-end OS (like Parellals -former PLESK, and cPANEL) easily allow an Admin to setup a back up routine to run a DAILY or WEEKLY or even a MONTHLY BACK UP. Setup and leave the server to do the work. You can even specify a back up server/account or even a local pc to back up the db via FTP. This will then be your last line of defense. No matter what happens you can restrict the data loss to just a few days and setup again after a server crash (or a fire as I had once!
) and get back on your feet.FEAR NOT: I am sure a few of you will fear installing a plugin like this and getting locked out of your own admin. Fear not... If for some buzzar reason you do get locked out, just use your FTP access to go to the plugin directory and just delete the offending security plugin. Then it will "deactivate" automatically, and you're back in business. So, don't fear.
Sucess,
Sam
>> CLICK: BiiG NETWORK LAUNCH WSO <<
SIGN UP FREE. LIMITED NICHES/LOCATIONS!
>> CLICK: BiiG NETWORK LAUNCH WSO <<
SIGN UP FREE. LIMITED NICHES/LOCATIONS!