How to protect Admin Panel of WordPress In Easy Steps!!

2.October.2017| No Comments

As of now, we all know the cyber attacks are at its peak. As the Internet users are increasing very rapidly, cyber attackers are more active than ever before. So it becomes necessary to protect your self from these ongoing cyber attacks. According to Panda Labs, 18 million new malware samples were captured since the third quarter of 2016.

As the malware attacks are its peak, no one can fully ensure their security in this unsafe world of the Internet. WordPress is one of the largest CMS used in the world. As the WordPress is very easy to setup and use, more people willing to use this amazing platform. Apart from the utility factor of the WordPress, the one thing that is very important to take care in the WordPress is the security of the site and to be more precise the admin panel of the website.

Apart from using secure firewalls and VPN, there are so many things that help to protect the site from unethical activities. In this blog, we will look at some of the most effective and robust ways to protect the admin access of the site.

How to protect Admin Panel of WordPress in simple steps

1. Use a strong password
As this is the most basic tip, you had heard this tip million of time. But this is the most important step toward securing the WordPress Admin Panel. If the password is very weak then the chances of brute force are increased by several times. These attacks target the Admin Login Area of the site and try to bypass the login access by trying numerous combinations of characters, numbers and symbols.

So for preventing the site from brute force attack, it is a life-saving tip to use a strong password. But remember one thing that long passwords are not a strong password. Strong password means it should have characters, numbers, special symbols and have a good length. Don’t use a password which is easy to remember, use a password which is hard to guess.

Example of Strong Password: qzRtC{6rXN3N\RgGLIj

By choosing such type of password, you can ensure that the password will take a lot of time or it is impossible to break from a brute force attack. If you face difficulty in managing the passwords of your multiple online accounts, then you can use ant password management application which will take care of your all passwords.

2. Use Google Authenticator Application
Continuing from the first step, the next step for securing the password of the WordPress site is to use Google Authenticator application. It works as an extra layer of security for WordPress login. It enables 2-factor verification on the login panel. Even if someone manages to get your password by any means, the hacker can not bypass the Google Authenticator.

After enabling the Two-Factor Authentication on the WordPress site, the user needs to enter the Google verification code. As the Google Authenticator code changes in every few couples of seconds so it becomes impossible for the hacker to get the code for breaking the security.

Here is the quick setup guide for Google Authenticator Application:

Step 1
Firstly, you need to install the Google Authenticator Application on your phone. You can easily download the application from your application store.

Step 2
Once you install the application, come back to your WordPress DashBoard. You need to download the Google Authenticator Plugin on your site. When you install the plugin go to Users -> Profile, you will find the Google Authenticator setting under there. You will find both the QR code and the secret key that is required for the next step.

Step 3
Go back to the phone application and create a new account on it. For creating the account simply click on the add button in the bottom right corner. You need to enter the secret key or you can simply scan the barcode from your phone to complete the process

Step 4
For the last step, go to your site and when you will log into the site, now you will also see the Google Authenticator option where you need to enter the code whenever you log in.

3. Restrict Login Attempts and login IP addresses
This is one of the good moves towards securing the admin access. It is necessary to limit down the login attempts to prevent the site from various attacks. This is because if someone has not limited the number of login attempts, the attacker will have unlimited chances for trying numerous password combinations.

For enabling this functionality you need to install a plugin called Login LockDown. By this plugin, you will able to set the number of login attempts. After crossing the number of failed login attempts, the user will not be able to try further anymore.

An advanced version of this technique is to restrict the login attempts from a particular IP address. This is a more secure approach for protecting the admin section of the site. For enabling this you need to add few lines of code in the .htaccess file.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “Your auther name ”
AuthType Basic

order deny,allow
deny from all
# whitelist Syed’s IP address
allow from $$.$$.$$.$$$ // your ip address

Simply replace the $ with your IP address so your IP address will not count in case if you type the wrong password.

4. Keep your WordPress Version Updated
Installing the updated version as quickly as it rolls out prevents your site from many cyber threats and from all possible bugs also. Updates are created for making our life more easier and more secure. Make sure your site is running on latest version on WordPress i.e 4.9.1

Also, ensure your site is working fine and don’t have any issues to resolve. For that, you should regularly keep doing the maintenance of your site.

5. Defining roles for every user:
If you are having multiple users on your site, you should limit the dashboard access for every user. It is helpful for you as well as for the users also. By limiting the access you can ensure that a user has limited access to the dashboard so the chances for any kind of accident are very minimum.

By defining the roles for every user, the users will also don’t get confused by having tons of dashboard options. It is a safer move for avoiding any kind of problem.



Leave a Reply

Your email address will not be published. Required fields are marked *


Subscribe Now

Get free download on your email

Send me new freebies, offers & news

Subscribe Now

Get free download on your email

Send me new freebies, offers & news