Securing Your WordPress Login Page Print

  • 18

WordPress is frequently attacked to try and exploit vulnerabilities in outdated installations - this post aims to help you protect against brute force login attempts, to help keep your site secure.

  1. Ensure that WordPress Core, Themes & Plugins are upto date.

  2. Install WPS Hide Login Plugin in WordPress - https://wordpress.org/plugins/wps-hide-login/ (via Plugins - Install Plugins)Install WPS Hide Login
  3. Ensure that the plugin is activated

  4. Go to Settings - General, and at the bottom of the page and set your new login URL.Set New Login URL
  5. Click Save - this enabled your new login page (test it and make sure it works!), but you still have to block the old login page to protect against Brute Force Attacks.

  6. In cPanel go to File Manager (just be sure to check the ‘Show Hidden Files’ option so you can see the .htaccess file), and edit your .htaccess file

  7. Add the following lines of code:

    <FilesMatch "wp-login.php">
    Deny from All
    ErrorDocument 403 "Forbidden"
    </FilesMatch>
    WPLogin htaccess
  8. Once saved your login pages should be protected

If you require any assistance feel free to contact us by raising a ticket  at www.dowo.digital/support and one of our engineers will be happy to assist you!

Was this answer helpful?

« Back