
If you are running WordPress, you can follow these simple steps to make your website more secure. There are many articles on this subject, and many tell you to use free or paid plugins, but I think you can take the matter into your own hands and make a few small adjustments yourself.

1. Redirect with .htaccess

The original .htaccess file looks like this:


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

So, after the line


RewriteBase /

add a new rule:


RewriteBase /
RewriteRule ^login$ wp-login.php

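Now you can reach the login page through two URLs: /login and /wp-login.php. The rule only adds an alias, so wp-login.php still answers requests sent to it directly; the next step is to hide the wp-login.php links that your blog generates.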

2. Change the links from wp-login.php to /login

In your functions.php (or in a plugin), add this filter:


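// Replace wp-login.php with login in every URL that site_url() builds.
add_filter( 'site_url', 'wplogin_filter', 10, 3 );
function wplogin_filter( $url, $path, $orig_scheme ) {
    $old = array( "/(wp-login\.php)/" ); // pattern matching the login script name
    $new = array( "login" );             // alias added in .htaccess in step 1
    // Limit of 1: only the first occurrence in the URL is replaced.
    return preg_replace( $old, $new, $url, 1 );
}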

Now, every time WordPress calls site_url("wp-login.php?action=xxx"), this filter rewrites the returned URL to point at /login instead, keeping the query string.

3. Don’t use admin as your username

This should be the easy one to set up. Visit your profile page and choose something other than admin as your username.

4. Use a strong password for the Administrator Role

Assuming that you have only one user with the Administrator role, give it a strong password that includes lowercase and uppercase letters, numeric characters, and symbols such as !, @, #, $, %, ^, &, ), (, -, =.

5. Install a plugin that will prevent Brute-Force Logins

There are many options when it comes to choosing a brute-force plugin, and I think it's only a matter of personal choice, since basically all of them do the same thing: prevent access to the login page if invalid login details have been entered more than X times. It's up to you which one you choose.

About author

A young and dedicated fellow who has been playing with WordPress for 5 years now and likes everything about web design and web development.
