WordPress

 

Three Different ways to secure WordPress admin URL  

WordPress is the most popular open source website creation tool.WordPress is easy to install and design your website through WordPress dashboard.Most common wordpress dashboard URL is http://yourdomain.com/wp-admin or http://yourdomain.com/wp-login.php(Replace yourdomain.com by your domain name).So It leads to frequent hacking attempts Occuring in your wordpress admin URL i.e Brute force and Distibuted Denial of service(DDoS).Here we are going to discussed about how to secure your wordpress admin URL with different methods.

To secure wordpress admin Page by first level authentication

Here,we are discussed about to enable first level authentication of your WordPress admin URL.

You need to take the backup of .htaccess file before making any changes for your safety purpose.if you can’t see the .htaccess file,then make sure you selected”Show Hidden Files” option in your cPanel file manager settings Else you can create .htaccess file

Step-1 : Login to your cPanel >> File Manager >> Go to the WordPress admin folder

Step-2 : Edit the .htaccess file with below line

ErrorDocument 401 “Unauthorized Access”
ErrorDocument 403 “Forbidden”
<FilesMatch “wp-login.php”>
AuthName “Contact Your Hosting Company for Username and Password”
AuthType Basic
AuthUserFile /home/username/.wpadmin
require valid-user
</FilesMatch>

*Replace username as your cPanel username

Step-3 : Create .wpadmin folder under home directory and enter your username and password follow the below format

Username:Password

eg. word:$apr1$OViT3DTL$61iodJ.L4XSSXo/INfUMg0

Here “word” is the username and followed by : is the encrypted(MD5) password

Note : password has been encrypted with the help of available online MD5 encrypted tool.

 

*You can use the username and password as per your convenience

Step-4 : Now access the WordPress admin URL,you will show-up the pop-up page.Now you can use the username and password as you updated in .wpadmin file.

Once you entered the username and password in pop-up page,you will be re-directed to the WordPress admin page

To enable Two-Factor Authenticator of the WordPress admin URL using Plugin – Google authenticator – Two Factor authentication

Most common and frequent hacking attempts occurs on WordPress admin URL.So One of the best way to secure your WordPress admin URL is Two-Factor Authenticator.Two-Factor authenticator is highly secure and easy to install.Sometimes,your WordPress admin page username and passowrd may be guessed But Two-Factor Authenticator adds a second layer of security to your WordPress websites.This plugin provides two-factor authentication during login and it protects from hacking attempts.

Follow the below steps to install and Activate Plugin

Login to your WordPress Dashboard >> Click Plugins >> Search your plugin name in search option >> Install now >> Once you plugin has been install,Click Active button to activate your plugin

Once you Plugin has been activated,Click miniOrange 2-Factor to create your account.

Create an account use necessary details and click submit.

Once you click submit, OTP has been sent to the mentioned mail ID while creating an account.Enter the OTP in “Enter OTP” and click Validate OTP to validate your email ID.

Kindly use any of the authentication method as shown in screen-shot to enable Two-Factor authenticator

After logged in with your WordPress admin,you will show the Two-Factor authentication page for email verification as like in screen-shot below

Also verification mail sent to your mentioned mail ID.Mail as look like as below screen-shot.

If you accept the verification mail,it will redirect to your WordPress Dashboard.

If you deny the verification mail,you will not able to login your WordPress Dashboard.

 

To change the WordPress admin URL using plugin – WPS Hide Login

WPS Hide login is easily and safely changing the WordPress admin URL to anything youn want to change. It doesn’t literally rename or change files in core,nor does it add rewrite rules.Wp-admin and wp-login.php directory page become inaccessible,Sdo you should remember your admin URL.Once you deactivate this plugin bring your site back exactly to the state it was before.

Login to your WordPress Dashboard >> Click Plugins >> Search your plugin name in search option >> Install now >> Once you plugin has been install,Click Active button to activate your plugin

Once you activated the Plugin,click Plugin >> WPS Hide Login >> Settings

 

Under WPS Hide Login,you can change the WorPress admin URL as your wish and then click Save changes.

Now,you can able to access the WordPress admin Login with the updated URL.