How to Secure Your WordPress Admin Area

1. Change the default admin username given during the WordPress installation. The default username only makes it easier for hackers to gain access to your account.

To edit the username, click Users > All Users in the dashboard sidebar. Also, make sure your password is a safe one. Use a mix of lowercase and uppercase letters, numbers and symbols, or consider generating a random strong password by using WordPress’ built-in password generation tool.

2. The wp-admin folder contains the important administration files. Anyone can access it without any authentication unless you protect the folder with a strong password.

The wp-admin folder is located on the server, so you need to protect it through your hosting management panel.

For instance, in cPanel there is a Directory Privacy section. Go to public_html / wp-admin from this point and check the box Password protect this directory. Select your credentials, fill the information out and press the Save button.

3. By default, you can access any website’s login page by adding /wp-login.php to the URL. This makes it easy for hackers to access your admin panel, especially if the admin username is also set by default.

Instead, you should create a custom URL for login. Consider using the WPS Hide Login plugin. Go to the Settings section, select WPS Hide Login and create a new login URL. Don’t forget to save the changes.

4. Consider limiting login attempts to protect your WordPress admin area. Install the Sucuri Security plugin, select Sucuri Security > Settings > Alerts > Password guessing brute force attacks and fill in the number of login attempts. This will be the number of failed login attempts before WordPress blocks the IP address.
