Simple steps in WordPress Security

If you are running on WordPress then you can follow those simple steps in assuring a better WordPress security of your website. There are many articles about this matter, many told you to use free or paid plugins, but I think you could take the matter in your own hands, and make little adjustments so your website will become more secure.

1. Redirect with .htaccess

The original .htaccess file looks like this:

so, after

RewriteBase /

add a new rule

Now you can access the login page using these 2 urls (/login and /wp-login.php). So we need to hide the wp-login.php links in your blog.

2. Change the links from wp-logins.php to /login

In your functions.php (or someone plugin) add this filter

Now, every time wordpress calls site_url(“wp-login.php?action=xxx”); this function will redirect to /login.

3. Don’t use admin as your username

This should be the easy one to set up. Visit your profile page and choose something different then the admin to be your username.

4. Use strong password for the Administrator Role

Assuming that you have only one user with the Administrator role, try to use a strong password, in which to include, lower and uppercase letters, symbols like: !, @, #, $, %, ^, &, ), (, -, = and numeric characters.

5. Install a plugin that will prevent Force Brute Logins

There are many choosing options when it comes in choosing a Force Brute Plugin, and I think it’s only a matter of personal choice since basically all of them do the same thing. Prevent access to login page, if a non-valid login details have been entered more then X time, and it’s up to you which one you will choose to use.

Published by Eduard

A young and passionate man which loves to build and to customize WordPress Themes. His main passion is to work / improve / customize Divi WordPress Theme from Elegant Themes.

Join the Conversation


  1. Hi,
    Would it be possible to change the login page name to something other than ‘login’ using this method? eg some security plugins like iThemes Security (which we use on all the sites we build) have an option to set the login page to a random set of letters like ‘fykx’, or something easy to remember but not easy to guess, like ‘login’ is.

    1. Yes of course you can change it to something else, depending on what option you choose (via .htacccess file) or adding the custom function in your theme’s functions, you can simply change “login” to whatever you want.

      Hope it helps,
      Kind Regards

Leave a comment

Leave a Reply

Share This
%d bloggers like this: