WordPress is frequently attacked to try and exploit vulnerabilities in outdated installations - this post aims to help you protect against brute force login attempts, to help keep your site secure.
- Ensure that WordPress Core, Themes & Plugins are upto date.
- Install WPS Hide Login Plugin in WordPress - https://wordpress.org/plugins/wps-hide-login/ (via Plugins - Install Plugins)
- Ensure that the plugin is activated
- Go to Settings - General, and at the bottom of the page and set your new login URL.
- Click Save - this enabled your new login page (test it and make sure it works!), but you still have to block the old login page to protect against Brute Force Attacks.
- In cPanel go to File Manager (just be sure to check the ‘Show Hidden Files’ option so you can see the .htaccess file), and edit your .htaccess file
- Add the following lines of code:
<FilesMatch "wp-login.php"> Deny from All ErrorDocument 403 "Forbidden" </FilesMatch>
- Once saved your login pages should be protected
If you require any assistance feel free to contact us by raising a ticket at www.dowo.digital/support and one of our engineers will be happy to assist you!
