Securing your WordPress Admin

WordPress is an awesome piece of kit and allows users to create a blog or a website fairly easily and on the fly, however it has to be said it is a target for many hacks. It is absolutely important you secure your WordPress admin folder.

There is a couple of options on securing your WordPress admin folder and we will show you below how to do this, our favourite is to lock it down to our local network IP, however not everyone can have this luxury if they have a dynamic IP rather than a static.

Restrict access to an IP

Restricting access to an IP is quite easy and straight forward and is always the best option when you have a static IP.

This is all controlled via an htaccess file inside your files, you would first need to create a ‘.htaccess’ file in the folder that holds all your blog files, do ensure you have the full stop before the file name otherwise this will not work.

Now copy and paste this code.

 

  1. <Files wp-login.php>
  2. order deny,allow
  3. Deny from all
  4. #my IP address
  5. allow from xx.xxx.xx.xx
  6. </Files>

 

Where you see ‘allow from xx.xx.xx.xx’ you would replace this with your local IP address, you may find this with a site like¬†GeoIPtool¬†which will give you your IP address – please do not set this up if you have a dynamic IP address.

Password protect wp-admin instead

This is your second option and is just as useful as the other method. We will use cPanel to set this up as this keeps things simple and very easy to follow, so go ahead and login to your control panel (cPanel).

You will need to find ‘Directory Privacy’ like in the below photo, go ahead and click it.

 

 

Then look for your WordPress admin folder as per the screen options and then click on the wp-admin link.

 

 

Which should bring up a page similar to the below image.

 

 

Fill out the information and hit the checkbox then click save, you should be all done! Now when you load the wp-admin login page you should be prompted to login before seeing the wordpress admin screen! You are now all set and protected.

Remember if you are looking for a new hosting service, checkout our WordPress Hosting plans which include a free migration!