Protect and hide wp-admin page
Almost, everybody knows, how to open wp-admin page of any WordPress site, Right? The default URL for visiting login page of any WordPress site is site-name/wp-admin. Well, when I was the beginner on WordPress. I wasn’t aware of these security issues. However, I realized it when my website got hacked. Trust me, it was the worst feeling ever.
Our last website was hacked due to the visibility of our wp-admin page. The wp-admin page of my last website was publicly visible. Yep, it‘s true that you can not stop the hackers from inspecting it. But, you should hide it. By setting up this security method you can not only make it more complex for hackers to crack but also you will also get an extra protection from the non-hacker communities.
The daily news of security breaches adversely challenging the security of WordPress. It has become essential to protect the wp-admin page of WordPress site. Do you want to show it to your users? No Nah? So let’s start with some useful steps to Protect and hide wp-admin page aka WordPress login page.
You can do it by the number of different ways. I’m gonna show you the best and secure ways to give it a goal.
By means of Plugins
Firstly, By means of plugins. Very frank, Plugins are the first option we search for if we want to add something new to WordPress. There are many of them which can be used to change WordPress admin page URL. If you’re a normal blog writer then it will be the best option for you because playing with codes requires practice. You just need to install the plugin from WordPress plugin repo and that’s it. Some of them which are used to Protect and hide wp-admin page are WPS Hide Login and Lockdown WP Admin. Both are good and can be installed right way. Well, I’m very friendly with lockdown wp because I’ve used it before.
How to setup Lockdown WP Admin ?
Setting up Lockdown WP admin plugin is pretty easy. However, If y’all know how to install plugins, then we should start with the setup.
After the successful installation and activation of Lockdown wp-admin plugin, we have to move to the plugin settings under the main sidebar of WordPress Dashboard.
After that, you have to check “Yes, please hide WP Admin from the user when they aren’t logged in.” option. Change your admin URL to anything you want instead of wp-admin. Also, bullet the disable HTTP Authentication in the end and then hit the save changes button.
For more help regarding the configuration of the plugin, refer to the screenshot given below.
Modifying .Htaccess file
Note : This method is not for absolute beginners.
Now we will see the second method i.e. modifying your .htaccess file
You can easily find your .htaccess file in your public_html folder of your database.
Please note that .htaccess file is the very important file which keeps the information on what to be accessed by outsiders. Before making any changes to your .htaccess file, please download it to your computer or any device respectively. So that if anything goes wrong in future you can replace it timelessly.
Follow the steps given below. After entering this code, the wp-admin page will be visible only if it will open from the following IP addresses. Others will get the 404 or page not found if they visit your /wp-admin page.
- STEP 1
Login to your server dashboard. Go to your public_html folder in Cpanel & open your .htaccess file in the code editor. If it is not visible to you, Enable the option “show hidden files” under visibility and then edit it.
- STEP 2
Add the following code at the beginning of your .htaccess file. It might be containing some codes, but you have to paste this at the beginning of every code.
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "WordPress Admin Access Control" AuthType Basic
<LIMIT GET>order deny,allow deny from all # whitelist Prakhar IP address allow from xx.xx.xx.xxx # whitelist Satyansh IP address allow from xx.xx.xx.xxx </LIMIT>
Don’t forget to replace the green texts with name and IP address of the devices (computers, laptops, smartphones) of yours. The Number of users can be increased by repeating the same code i.e. #whitelist username address. This is an easy way to deny access to your wp-admin area from hackers, intruders and visitors. However, doing this will only hide wp-admin page.
Furthermore, you should install Sucuri WordPress plugin. Sucuri is the multi-functioned high-profile security plugin which helps you to notify the every failed and success login attempts via emails. This will help you to detect the IP addresses that are trying to fake logging your site. Also, it helps to detect the malware or any malicious virus codes and clean it on time. It can be scheduled in such a way that it can check your entire website in hours, days or weeks.
It comes with a free plan to provide the basic malware security and scanning. You can also buy a premium version of this plugin for more flexibility in security. You can go on its official website to find out what it is actually and how can it protect your website.
If the post was useful to you and helped you in solving the issue then do not forget to share this post with your friends on Facebook or twitter. If you have any question in your mind, please feel free and type your questions in the comment. We will love to help you. Happy Blogging.
Protect and hide wp-admin page