How to prevent your word-press site from various attacks
Step 1 – prevent your word-press login page and prevent brute force attacks.
Everyone knows the standard WordPress login page URL. So change word-press login URL to protects against the most common type of website security breach, a brute force attack.
a)During the installation process, WordPress creates two default login URLs.
b)Let’s start by installing the plugin. From the WordPress dashboard, navigate to Plugins > Add New > search for ‘WPS Hide Login.’
c)This plugin will block access to the default login URLs – wp-admin and wp-login. you can changed the login to your preferred URL,
d)navigate to Settings > General Setting >> WPS Hide Login >> Login url
e)When I attempt to access the default login URLs like wp-admin, wp-login.php, it throws below error.
f)Now I have enter the new changed login URL (http://yourdomain.com/wp/login_page_changed/), I can see the admin page without any issue.
Step 2 – Use email ID as login
By default, you have to input your username to log in. Using an email ID instead of a username is a more secure approach.
a)Let’s start by installing the plugin. From the WordPress dashboard, navigate to Plugins > Add New > search for
WP Email Login
It starts working right after the activation and it requires no configuration at all. Else you can set the email ID as username while installing the word-press.
Step 3 – Adjust your passwords
When hackers know the direct URL of your login page, they can try to brute force their way in.
So we already changed the admin URL in Step 1.
Then they try to log in with their GWDb (Guess Work Database, i.e. a database of guessed usernames and passwords; e.g. username: admin and password: p@ssword … with millions of such combinations).
So improve your password strength by adding uppercase and lowercase letters, numbers, and special characters.
Use Strongpassword to increase the password strength.
Step 4 – First level authentication for wordpress.
Login to your cPanel. Choose >> File manager >> WP-ADMIN >>Choose “Password Protect ” option.
There you can have the option to set the username and password for that folder, Once you set the details choose SAVE option.
Then try to access your word-press admin URL, http://yourdomainame.com/wp-admin you can see the password protected pop up window, then enter your valid username and password to enter into admin page.
Step 5 – First level authentication for wordpress using htaccess authentication.
Its works by uploading two files called .htaccess and .htpasswd in the directory you want to password protect. The htaccess file should contain the following:
AuthType Basic AuthName "Password Protected Area" AuthUserFile /path/to/.htpasswd Require valid-user
Next you need to upload the .htpasswd file which contains the username and password to enter the password protected folder. The .htpasswd file should contain:
Once done, you can the pop up window like below.
These are the steps to prevent your word-press website