How to harden the security of wp-admin – WordPress admin guide

Your WordPress admin account is a glowing target for crackers.  One suggested way to improve WordPress admin security is NOT to use admin as your admin username.

If you are currently using admin as your username, don't worry. You can still change it.

  1. Create a new hard-to-guess username
  2. Change its role to admin
  3. Demote the admin username to user or subscriber. Don't delete it; use it as a decoy.

Other things to consider

  • Never use the admin account to post news or blogs – create an editor account instead
  • Use .htaccess to protect the wp-admin directory.
  • Use Profile Builder for user profile editing

Protect wp-admin directory

You may want to use .htaccess to protect the wp-admin directory. Let's assume your static IP is 192.168.100.1

Your .htaccess should look like this:

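# Place this file in the wp-admin directory.
# AuthName/AuthType only take effect once a Require directive and a password file are added.
AuthName "protected"
AuthType Basic
# No <Limit GET POST> wrapper: inside it, methods other than GET and POST would stay unrestricted.
# order/deny/allow is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it.
order deny,allow
deny from all
allow from 192.168.100.1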

If your IP is dynamic, you may use 192.168.100. to cover possible IP changes. If you find yourself locked out due to an IP change, find your new IP, and change the old IP or add the new one in the .htaccess file.
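To see how much wider the partial address makes the allow list, the check below evaluates both forms of the rule against a few client addresses. It is an added example, not code from the original post: the function names are hypothetical, the client addresses are constructed, and it covers only IPv4 address rules (no hostnames or IPv6).

```python
import ipaddress

def parse_spec(spec):
    """Map an 'allow from' / 'deny from' argument to an IPv4 network."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:                                   # CIDR or address/netmask form
        return ipaddress.ip_network(spec, strict=False)
    octets = [o for o in spec.split(".") if o]        # "192.168.100." -> 3 octets
    prefix = 8 * len(octets)                          # each octet given fixes 8 bits
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + str(prefix))

def parse_rules(text):
    """Collect the order and the allow/deny networks from .htaccess text."""
    rules = {"order": "deny,allow", "allow": [], "deny": []}  # Apache's default order
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) == 2 and words[0].lower() == "order":
            rules["order"] = words[1].lower()
        elif (len(words) >= 3 and words[0].lower() in ("allow", "deny")
              and words[1].lower() == "from"):
            rules[words[0].lower()] += [parse_spec(w) for w in words[2:]]
    return rules

def is_allowed(rules, client):
    """Apply the order semantics to one client address."""
    ip = ipaddress.ip_address(client)
    hit_allow = any(ip in net for net in rules["allow"])
    hit_deny = any(ip in net for net in rules["deny"])
    if rules["order"] == "deny,allow":                # allow overrides deny, default allow
        return hit_allow or not hit_deny
    return hit_allow and not hit_deny                 # allow,deny: deny wins, default deny

def allowed_addresses(rules):
    """Count the IPv4 addresses admitted by the allow lines (overlaps merged)."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(rules["allow"]))

# The page's rule with the exact address and with the partial address.
BASE = "order deny,allow\ndeny from all\nallow from {}\n"
EXACT = parse_rules(BASE.format("192.168.100.1"))
PREFIX = parse_rules(BASE.format("192.168.100."))

if __name__ == "__main__":
    # Constructed client addresses, for illustration only.
    for client in ("192.168.100.1", "192.168.100.77", "203.0.113.5"):
        print(client, is_allowed(EXACT, client), is_allowed(PREFIX, client))
    print(allowed_addresses(EXACT), allowed_addresses(PREFIX))
```

With the partial address, every host in that range can reach wp-admin, so the login password remains the only barrier against anyone sharing it.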

Profile Builder for user profile editing

Use Profile Builder for your user profile editing, in addition to user login and registration.

wp-admin should be accessible only to the admin, not to regular users! Regular users should not have any remote connection with wp-admin. This is one of the serious security oversights of WordPress.

    About Me:

    Szabi Kisded

    Hey there, I'm Szabi. At 30 years old, I quit my IT job and started my own business and became a full time WordPress plugin developer, blogger and stay-at-home dad. Here I'm documenting my journey earning an online (semi)passive income. Read more