If you run WordPress, you can follow these simple steps to improve the security of your website. There are many articles on this topic, and many tell you to use free or paid plugins, but I think you can take matters into your own hands and make small adjustments that make your website more secure.
1. Redirect with
.htaccess file looks like this:
add a new rule
Now you can access the login page using these 2 urls (
/wp-login.php). So we need to hide the wp-login.php links in your blog.
2. Change the links from wp-login.php to /login
In your functions.php (or some plugin), add this filter
Now, every time WordPress calls site_url("wp-login.php?action=xxx"), this function will redirect to /login.
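One way to write the filter described in step 2, as an added example that is not the original post's code. It assumes the rewrite rule from step 1 already serves /login from wp-login.php; the function name example_login_slug_url is hypothetical.

```php
<?php
/**
 * Added example: rewrite generated wp-login.php links to /login.
 * Assumption: /login is already mapped to wp-login.php by the
 * .htaccess rule from step 1. The function name is hypothetical.
 */
function example_login_slug_url( $url, $path ) {
    // Act only when the caller asked for wp-login.php itself, e.g.
    // site_url( 'wp-login.php?action=lostpassword' ). Checking $path
    // avoids touching URLs that merely mention wp-login.php in a
    // query value such as redirect_to.
    if ( ! is_string( $path ) || 0 !== strpos( ltrim( $path, '/' ), 'wp-login.php' ) ) {
        return $url;
    }

    // Replace the first "/wp-login.php" that ends the path (followed by
    // end of string, "?" or "#"), so the query string and fragment are
    // kept and a subdirectory install prefix is preserved.
    $rewritten = preg_replace( '~/wp-login\.php(?=$|[?#])~', '/login', $url, 1 );

    // preg_replace() returns null on error; fall back to the original URL.
    return null === $rewritten ? $url : $rewritten;
}

// site_url covers wp_login_url(), wp_logout_url() and the login form action.
add_filter( 'site_url', 'example_login_slug_url', 10, 2 );
// Multisite builds some login links through network_site_url().
add_filter( 'network_site_url', 'example_login_slug_url', 10, 2 );
```

The filter only changes the links WordPress prints; /wp-login.php itself still answers direct requests, so steps 3 to 5 still matter.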
3. Don’t use admin as your username
This should be the easy one to set up. Visit your profile page and choose something different than admin to be your username.
4. Use a strong password for the Administrator role
Assuming that you have only one user with the Administrator role, use a strong password that includes lowercase and uppercase letters, symbols like !, @, #, $, %, ^, &, ), (, -, = and numeric characters.
5. Install a plugin that will prevent brute-force logins
There are many options when it comes to choosing a brute-force protection plugin, and I think it's only a matter of personal choice, since basically all of them do the same thing: prevent access to the login page if invalid login details have been entered more than X times. It's up to you which one you choose to use.