a simple thing you can do to protect your wordpress website
If you're running a WordPress website you're inherently at risk for attacks from hackers, spammers, and other internet based attacks. It is the most popular content management system in the world which makes it a big target. However, there are a ton of things that you can do to not only make your WordPress website safer, but make it exceptionally secure. This is great news for all developers requiring a higher level of security.
Even if you don't require a high level of security - like a PCI DDS Compliant website - you still need to keep your website safe. Think about how much work you've put into it. Hours and hours of sweat equity can be lost overnight if someone manages to get into your website's files. In this post we will explore one very simple thing you can do to make your WordPress website safer.
Looking for other great information & tips on WordPress security? Check out these articles from our blog!
- Use Chrome to ID non-secure Pages on your Website
- How to Fix WordPress upload issues when using Force SSL Admin
- 5 Reasons to use WordPress in your next Website Redesign
Also, if you're looking to increase the security of your WordPress website download our 'WordPress Security Checklist' below!
a safer wordpress website
If you're an administrator or even a basic user of a WordPress website then you're very familiar with the standard WordPress log in page (shown in the picture provided). It comes standard with all WordPress installs and is the gateway into the back end of the WordPress system.
If you're an administrator this is the portal into the WordPress Dashboard where you control all aspects of your WordPress website. It's the lifeblood of your website; unauthorized access would be a disaster.
In a standard WordPress install, this page is located at 'http://www.[yoursite].com/wp-login.php'. In fact, when WordPress was newer, we at Digital 1 used to simply type company's website URL's in our browser with 'wp-login.php' at the end in order to see if they were running WordPress. If we suspected they were almost always their log in page was still the standard page.
why that's bad
The problem with having your log in page exist on the standard WordPress install URL is that 'wp-login.php' readily known on the internet. This leaves you susceptible to something called "Brute Force Attacks". A brute force attack is essentially many attempts to log in to a website or server using many different combinations of passwords or pin numbers usually occurring over a very short period of time. Generally these are completed by software scripts written by potential attackers.
The worst part? Sometimes they work, and people lose a lot of very valuable information. The solution? Simple. Hide/move your login page.
Hide your log in page. it's that easy.
It's pretty self explanatory. You need to hide your log in page. If you do this you'll essentially eliminate brute force attacks from your WordPress website as most of them are done by automated programs attempting to find your 'wp-login.php' page. To do this we use the WordPress plugin WPS Hide Login. This log in will allow you to choose whatever URL you'd like to host your log in page.
THANKS FOR READING THIS POST ON WORDPRESS SECURITY:
Thanks for visiting our blog and reading this installment in our WordPress Security series! We hope that it helps you get your site running at peak performance with a greater level of security. If you're looking for more great WordPress security pointers check out our full blog or subscribe in the footer at the bottom of this page. Also be sure to download our "WordPress Security Checklist" and find out what you need to be doing to keep your WordPress site safe. Click the link below to download!
