How To Restrict Access To WP-Admin For Preventing Malicious Attacks?

While the internet is a great platform for establishing an impressive online identity it also brings a lot of perils. Some time ago, people have witnessed one of the biggest DDos attacks in the history of internet. We also heard about the WordPress website being targeted by the hackers. These things bring about insecurity in the minds of many website owners who run their websites with the WordPress CMS.

WordPress is one of the most popular content management systems that is used for website / blog creation. Approximately, 17% of the websites are powered by WordPress today. This has offered a greater platform for the people with bad intentions to plan activities like DDoS attacks and website hacking.

How can you safeguard your WordPress website against the hackers trying to crack into your WordPress login credentials?

There are many ways in order to strengthen the security of your WordPress website. Here is an insight on the most crucial ways:

You can use a plugin known as ‘Limit Login Attempts’ that limits the number of login attempts made to your website. This plugin enables you to set a maximum limit of failed login attempts from any particular IP and intimates you about the failed attempts. In this way you are well aware about any malicious activity that might occurs on your website in the future.

Another method of eliminating the unauthorized access is by limiting the login access altogether. This can be done by ‘White listing’ certain IP addresses that are known to you and blocking all the other IP addresses.

Here are the steps that you need to follow: #

Step 1 : Go to the root of the WordPress installation on the server and locate a folder named – ‘wp-content’

Step 2 : Edit the .htaccess file by adding the commands mentioned below:

<Directory /wp-admin >
<files wp-login.php>
AllowOverride None
order deny,allow
# whitelist
allow from (IP 1)
allow from (IP 2)
allow from (IP 3)
deny from all

Note : Remove the IP1, IP2 and IP3 from the code. In the similar way, you can add as many IP addresses as you want.

This is a small step that proves to be extremely beneficial in terms of the security of your WordPress website. With the help of this small amendment, only the authorized IP addresses will be able to access the WP-Admin page.

Other important tips for safeguarding your WordPress website / blog : #

  • Use a complicated username that cannot be thought about easily
  • Use a complicated password, that comprises of a combination of numbers, letters in upper case and lower case and some special characters. You can also take the help of online password generators that will generate a complicated password for you.

Powered by BetterDocs