A Simple Way to Keep Your WordPress Admin Secure
WordPress is easily the most widely used blogging platform. Given its simplicity and ease of use, that is no surprise. When we create blogs, we usually make sure that we have all the best plugins to make our blogging lives easier and to get better results in the SERPs. I am sure many of you have several blogs that are set up the same way, each with the same plugins, permalinks, and settings. What many people forget, especially beginner bloggers, is the security of their WordPress blog.
Unfortunately, as any piece of software becomes more widely used, it attracts more hackers and more of its security loopholes are found. Since WordPress is open-source, hackers can easily obtain the code and study it for security holes. This happens all of the time, and it is why you see so many updates in your WordPress dashboard. Keeping up with updates can be an easy way to keep hackers out of your blog, but there is another simple way for anyone who has an Apache server hosting their website. The main security flaw in WordPress is the use of wp-admin as the login screen. Everyone knows it and can navigate to your admin login section at any point. Now, I am aware that we all have usernames and passwords to keep unwanted users out of our blogs, but how many of you don’t change the username from “admin”? A common mistake among new bloggers is to keep the tried and true name of “admin” as the username. The first step to securing your blog is to change this name. Next, I will show you how to add another layer of protection to your admin login page.
This method should not be used by anyone who wants users to register on their blog. Many blogs do not want people registering, as it is too much of a hassle. If you do not require registration, then change the setting in your admin section so that people cannot register on your blog. If you have cPanel with your web host (most Apache web hosts have cPanel), then you need to log in. We are going to password protect the wp-admin folder in order to add another layer of security. This is done in a few simple steps, which I will outline below.
- Once logged into cPanel, scroll down the home page and click Password Protect Directories. This will give you the option to view the folders in your web root or in a specific directory. Choose which one you want.
- cPanel will take you to a page that lists the directories. You can either go into a specific directory and password protect a folder inside of it, or you can click on the directory name to start the process of protecting that directory.
- If you have installed WordPress in your root directory, go there and click the name of the admin folder, “wp-admin”. If you have installed your blog in a subdirectory or subdomain, navigate to that directory and then click the name of the admin folder, “wp-admin”.
- The next page lets you tell your server to password protect your wp-admin directory. Check the box to password protect the directory and then give it a name. You can name it anything you like. This is what the login box will say when it pops up.
- You will then want to create a user. This is what you will use to log in and access the wp-admin folder. Do not use the same login information as your WordPress admin login, as this will defeat the purpose. Once the user is created, make sure you add it to the authorized list.
- After you Save and Add the users, your wp-admin section will be password-protected. It is similar to how you log into cPanel, but once you log in with the server popup, you will then see the regular WordPress login page. Use your WordPress admin login to get to your blog dashboard.
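The steps above set up Apache HTTP Basic authentication on the wp-admin folder. For hosts without cPanel, the following is a hand-written equivalent, added here as an example and not taken from cPanel's own output; it assumes Apache 2.4, and the password-file path, realm name and user name are placeholders.

```apache
# File: wp-admin/.htaccess   (added example, Apache 2.4 syntax)
#
# Create the password file first, from a shell on the server:
#   htpasswd -B -c /home/EXAMPLEUSER/.htpasswds/wp-admin/passwd EXAMPLE_LOGIN
# -c creates the file, -B stores the password as a bcrypt hash.
# Pick a login and password that differ from the WordPress admin account.

# Ask the browser for a user name and password before serving anything here.
AuthType Basic

# Text shown in the browser's login popup (the "name" chosen in the steps above).
AuthName "Restricted area"

# PLACEHOLDER path. Keep this file outside the web root so that it can
# never be fetched over HTTP.
AuthUserFile "/home/EXAMPLEUSER/.htpasswds/wp-admin/passwd"

# Any user listed in the password file is let through to the
# normal WordPress login page.
Require valid-user

# Themes and plugins send front-end requests to wp-admin/admin-ajax.php.
# Without this exemption, ordinary visitors to the public site would be
# shown the server login popup. Only this one file is exempted.
<Files "admin-ajax.php">
    Require all granted
</Files>

# Basic authentication sends the credentials, base64-encoded and not
# encrypted, with every request. Serve wp-admin over HTTPS only, or the
# extra password can be read off the wire.
```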
While I realize that this is another step in logging in, imagine how much better you will feel. It can be heartbreaking to log into your blog dashboard and see that your blog has been hacked. All of that time and effort gone without any warning. While you may have backups, it is still a major pain to redo the blog. Password-protecting your wp-admin folder gives you an extra sense of security. While there are many other ways to secure your blog, this one is very easy to implement. Just remember that if anyone tries to register for your blog, they will see the pop-up window, so make sure to disable registration. Happy blogging everyone!