Website security is an ongoing topic of conversation. If you are running a blog or a website, you now have to constantly protect, monitor, adjust, and take measures to make sure your work has not been compromised in any way. The best defense against piracy is awareness and being pro-active. One of the most vulnerable parts of your site is your login page. Let’s look at what steps you can take to stop hackers from accessing your login page.
Why is your login page so vulnerable?
Let’s think about it for a minute. Why would your login page be so vulnerable?
The answer is that it is so easy to find and it is accessible to anyone. Yes, anybody and everybody including hackers with their powerful ‘bots’.
Do you want proof?
- Install a security plugin on your site and see in real time how often your login page is being accessed, how often your plugin blocked a “user” who tried to login using fake usernames and passwords essentially detecting a Brute Force Attack. It is scary to realize that a sudden jump in your traffic stats is nothing but targets to your login page.
- Enable the Brute Force Attack notification with your plugin and see how often you receive an email that a Brute Force Attack has been prevented on your site.
- Check your Google Analytics referral traffic URLs in a browser, and see those URLs being nothing but pages you don’t want to have anything to do with.
So yes, your login page is one of the most vulnerable places on your site. Making sure you have a plan in place to prevent a disaster is far better than having to deal with it once you have been hacked.
Solutions to protect your login page
The good news is that there are options available to protect your login page.
- Choose a safe username
- Select a strong password
- Do not save your password in your browser
- Make your login page less accessible
Choose a safe username
You should always choose a username that is NOT intuitive and should absolutely avoid the following usernames:
- Your domain name
Select a strong password
This is true for your WordPress or Joomla site, or for any of your passwords in general. It is a good practice to select a password that is long enough, and include a combination of uppercase and lowercase letters, numbers and special characters. Avoid using your name.
Do not save your password in your browser
Viruses come in many different ways and your computer is not immune from attacks. Not saving your login credentials in your browser is one extra step towards staying safe.
Make your login page less accessible
This is so easy to do that I’m surprised that so many bloggers or site owners do NOT change their login page and also that designers do NOT make this a priority when designing blogs or websites for their clients. This should be TOP PRIORITY.
Everybody knows how to access a WordPress login page. All you have to do is write the domain name in the browser followed by:
- /wp-admin or /wp-login
- For example, if your domain name is mycompany.com, enter mycompany.com/wp-admin or mycompany.com/wp-login, and then you are presented with the option to login or register.
How do you make your login page less accessible?
It is an easy procedure for WordPress.
- It is done with the use of a plugin called WPS Hide Login which lets you change the URL of the login page to anything you want. Without being too technical, once you have chosen a new login URL your wp-admin or wp-login pages will be intercepted and not accessible.
How it works: you’ll have to choose a new name to add to your domain name, for example if your domain is yourcompany.com and you choose mytailor, your new login page URL will be yourcompany.com/mytailor
Here is the full easy step procedure
8 easy steps to stop hackers from accessing your login page
- Login to your dashboard.
- Select your plugin page and Select Add New.
- Search for WSP Hide Login.
- Download and activate the plugin.
- If you are not redirected to the settings, go to your SETTINGS, GENERAL.
- Add a name for your new URL login page.
- Logout and log back in to make sure everything is working properly.
A final word on stopping hackers from accessing your login page
There are many ways in which your site could be compromised. Remember that you can never be too cautious when it comes to security. Having a plan in place that includes monitoring and making regular backup copies of your files are definitely necessary steps. If you are suspicious, it is better to look for help than wait until it is too late. However as you see, protecting your login page is not difficult to do and should definitely be a priority if you have not done so already.
Please leave a comment and share your experience.