Three Different ways to secure WordPress admin URL
Wordpress is the most popular open source website creation tool.WordPress is easy to install and design your website through WordPress dashboard.Most common wordpress dashboard URL is http://yourdomain.com/wp-admin or http://yourdomain.com/wp-login.php(Replace yourdomain.com by your domain name).So It leads to frequent hacking attempts Occuring in your wordpress admin URL i.e Brute force and Distibuted Denial of service(DDoS).Here we are going to discussed about how to secure your wordpress admin URL with different methods.
To secure wordpress admin Page by first level authentication
Here,we are discussed about to enable first level authentication of your WordPress admin URL.
You need to take the backup of .htaccess file before making any changes for your safety purpose.if you can’t see the .htaccess file,then make sure you selected”Show Hidden Files” option in your cPanel file manager settings Else you can create .htaccess file
Step-1 : Login to your cPanel >> File Manager >> Go to the WordPress admin folder
Step-2 : Edit the .htaccess file with below line
ErrorDocument 401 “Unauthorized Access”
ErrorDocument 403 “Forbidden”
<FilesMatch “wp-login.php”>
AuthName “Contact Your Hosting Company for Username and Password”
AuthType Basic
AuthUserFile /home/username/.wpadmin
require valid-user
</FilesMatch>
*Replace username as your cPanel username
Step-3 : Create .wpadmin folder under home directory and enter your username and password follow the below format
Username:Password
eg. word:$apr1$OViT3DTL$61iodJ.L4XSSXo/INfUMg0
Here “word” is the username and followed by : is the encrypted(MD5) password
Note : password has been encrypted with the help of available online MD5 encrypted tool.
*You can use the username and password as per your convenience
Step-4 : Now access the WordPress admin URL,you will show-up the pop-up page.Now you can use the username and password as you updated in .wpadmin file.
Once you entered the username and password in pop-up page,you will be re-directed to the WordPress admin page
To enable Two-Factor Authenticator of the WordPress admin URL using Plugin – Google authenticator – Two Factor authentication
Most common and frequent hacking attempts occurs on WordPress admin URL.So One of the best way to secure your WordPress admin URL is Two-Factor Authenticator.Two-Factor authenticator is highly secure and easy to install.Sometimes,your WordPress admin page username and passowrd may be guessed But Two-Factor Authenticator adds a second layer of security to your WordPress websites.This plugin provides two-factor authentication during login and it protects from hacking attempts.
Follow the below steps to install and Activate Plugin
Login to your WordPress Dashboard >> Click Plugins >> Search your plugin name in search option >> Install now >> Once you plugin has been install,Click Active button to activate your plugin
Once you Plugin has been activated,Click miniOrange 2-Factor to create your account.
Create an account use necessary details and click submit.
Once you click submit, OTP has been sent to the mentioned mail ID while creating an account.Enter the OTP in “Enter OTP” and click Validate OTP to validate your email ID.
Kindly use any of the authentication method as shown in screen-shot to enable Two-Factor authenticator
After logged in with your WordPress admin,you will show the Two-Factor authentication page for email verification as like in screen-shot below
Also verification mail sent to your mentioned mail ID.Mail as look like as below screen-shot.
If you accept the verification mail,it will redirect to your WordPress Dashboard.
If you deny the verification mail,you will not able to login your WordPress Dashboard.
To change the WordPress admin URL using plugin – WPS Hide Login
WPS Hide login is easily and safely changing the WordPress admin URL to anything youn want to change. It doesn’t literally rename or change files in core,nor does it add rewrite rules.Wp-admin and wp-login.php directory page become inaccessible,Sdo you should remember your admin URL.Once you deactivate this plugin bring your site back exactly to the state it was before.
Login to your WordPress Dashboard >> Click Plugins >> Search your plugin name in search option >> Install now >> Once you plugin has been install,Click Active button to activate your plugin
Once you activated the Plugin,click Plugin >> WPS Hide Login >> Settings
Under WPS Hide Login,you can change the WorPress admin URL as your wish and then click Save changes.
Now you can able to access the WordPress admin Login with the updated URL.