Killer Tools to Secure Your WordPress Dashboard from Hackers

Nowadays hackers are targeting famous social networking sites. If your site is becoming successful or well known, you may become a hacker's next target. Here are some simple and effective solutions to protect your blog from hackers.

Moving the Login page

Bots can easily find your login page because it is available by default at yoursite.com/wp-admin. To keep spammers and malicious people away from your login page, you can move it.

The simplest solution is to use the plugin Stealth Login, which lets you choose the URL from which you access your login page.

Limit the number of login attempts

To counter spam attacks or malicious people trying to guess your password, you can also limit the number of login attempts. The same protection already exists on most cell phones (PIN), and it is very easy to set up with the WordPress plugin Login Lockdown.
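One way to get the same effect without a plugin, as an added example (not code from the original post or from Login Lockdown). The dash_* names, the limit of 5 attempts and the 15-minute window are assumptions; the snippet goes in your theme's functions.php.

```php
// Added example: lock out a client address after repeated failed logins.
// The dash_* names, the limit and the window are illustrative assumptions.
define('DASH_MAX_ATTEMPTS', 5);                      // failures allowed per window
define('DASH_LOCK_WINDOW', 15 * MINUTE_IN_SECONDS);  // counting / lockout period

// Transient name for the client address (hashed to keep the name short).
// Caveat: behind a reverse proxy, REMOTE_ADDR is the proxy's address,
// so every visitor would share one counter.
function dash_attempt_key() {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'dash_fail_' . md5($ip);
}

// Count each failed login. Saving the transient again restarts its expiry,
// so the lockout lasts until the address stays quiet for a full window.
add_action('wp_login_failed', function ($username) {
    $key = dash_attempt_key();
    $failures = (int) get_transient($key);
    set_transient($key, $failures + 1, DASH_LOCK_WINDOW);
});

// Run after WordPress's own username/password check (priority 20).
// A WP_Error returned earlier would be ignored by that check, so the
// lockout has to override its result here, even for a correct password.
add_filter('authenticate', function ($user, $username, $password) {
    if ((int) get_transient(dash_attempt_key()) >= DASH_MAX_ATTEMPTS) {
        return new WP_Error(
            'dash_locked',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 30, 3);

// A successful login clears the counter for that address.
add_action('wp_login', function ($user_login, $user) {
    delete_transient(dash_attempt_key());
}, 10, 2);
```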

Choose a secure password

Several studies show that a large majority of Internet users use simple passwords. And they use the same password everywhere.

Here are some tips for choosing your password:

  • Avoid passwords that are simple. They are too easy to discover.  Also, do not repeat the title of your account or any part of the title in your password.
  • Do not use information known to your family: where you live, your maiden name, your date of birth, the name of your pet, etc. This kind of password is very easy to guess for someone who knows you a little.
  • Preferably mix letters, numbers and symbol characters (!#$%-_). Hackers use computer programs to break passwords: testing the words of the dictionary one by one is no problem for them.
  • Alternate upper and lower cases to strengthen the security of your password.

Use a secure SSL connection

SSL is probably one of the best ways to provide a secure connection. With SSL, your URLs will take the format https://

Be careful, however: hosts often offer the SSL connection as an option. Make sure you are able to create or use your own SSL certificate.

Then simply add the following line to wp-config.php:
define('FORCE_SSL_ADMIN', true);

Or, more simply still, install the WordPress plugin Admin SSL, which is, however, compatible with versions higher than 2.7.

Encrypt your password

If SSL is not available to you (cost), you can fall back on the solution offered by the plugin Semisecure Login Reimagined, which uses an RSA key to encrypt the password (JavaScript required).

Double your password

Two is better than one! A hacker may find your first password by chance, but not the second! To set up a second password on your admin access you can use a .htaccess file, or simply install the WordPress plugin AskApache Password Protect, which will do it for you.

Do not use the username “admin”

By default, WordPress generates a “strong” password for you but a common username: admin. Change it immediately to something else (avoid using your name in lowercase). By changing this ID you make the task more difficult, since the hacker will also have to find your username.

To delete the admin user, you must create a new user that has administrator rights and then delete the account created by WordPress.

Hide the error messages of the login page

The message “wrong password” or “invalid username” gives the hacker information that helps in retrieving your password. You can hide these messages by adding the following code to your functions.php.

// create_function() was removed in PHP 8.0; an anonymous function does the same job.
add_filter('login_errors', function ($error) { return null; });

But be careful because the error messages will disappear for you and your users.

Use a one-time password

If you travel a lot or use public computers or open connections (public wifi), I recommend the plugin one-time password, which will allow you to renew the password after each session. Thus, if a hacker gets your password, they cannot re-use it. This solution is, however, constraining in day-to-day use.

To conclude, there are many ways to secure access to your WordPress dashboard. Not all of those proposed need to be implemented. Choose the ones that best fit your needs. Note that we have covered only the security of access to your dashboard; there are other trouble spots that hackers can use.

So, which method are you implementing or do you want to implement? If you know any other methods, suggest them to us.

9 Responses to “Killer Tools to Secure Your WordPress Dashboard from Hackers”

  1. Samuel says:

    Awesome article, have never heard of some tips listed above! Thanks a lot for sharing, I will check them out.

  2. Shane Ryans says:

    This is really great information. My site was attempted not 3 weeks ago. These plugins sound perfect.

  3. Hey Isha

    Very nice and useful article. Bookmarked it :D

    – Sudharsan @ Technoskillonline

  4. good post Isha…
    gonna secure mah WordPress blog asap!

  5. Hi Shanker

    Really you provide the latest information about WordPress….! These posts are useful for wordpress users.

  6. Thanks for this, Isha. Great post, thanks for the tips for aware spammers.

  7. Jacob says:

    Great tips, I’ve used Login Lockdown, it’s very cool. Stealth Login sounds very cool, I’ll try it!

  8. I think changing the login id to something else makes the chances of getting hacked less than half …

    Sourish
