WordPress, being a popular blogging choice by many, there will always be a creeper who is trying to get into your WordPress admin area just to mess things up.
Moreover, the Internet is really the scariest place and if you don’t know how to properly protect your stuff, then you are not going to last long.
So in this quick WordPress security article, let us see the vital steps you can take to protect WordPress admin area from regular hack attacks.
Even though I’m only sharing the top 4 vital tips to secure your WordPress admin area, there are a whole set of tips to secure WordPress site.
1. Password Protect wp-admin Directory
If you don’t mind entering two passwords while accessing your WordPress admin area then do consider password protecting your wp-admin directory. This step adds an additional layer of security before entering the actual password.
To password-protect wp-admin directory you either use AskApache Password Protect WordPress plugin or you can do it from your web hosting Cpanel.
To password-protect the wp-admin directory from the Cpanel, login to your web hosting Cpanel, find and click on the link “Password protect directories.”
This action will pop-up another option where you have to select the “Web Root” option. If you have multiple sites in your hosting account, then select the site you want to protect.
Here navigate to
/wp-admin/ directory. Now, simply select the checkbox and name the directory you are protecting. Once you have done that, scroll down and create a new user who can login into that protected directory.
That’s all there is to do. From this point forward, any user should enter the additional username and password you just created to access the wp-admin directory.
2. Limit Login Attempts
Unless you change the WordPress admin login URL, almost any random user can access your WordPress admin area where they can try different usernames and passwords to get access.
After all, this is human curiosity.
But sometimes this may turn dangerous as the real hackers may try brute force attacks to get your WordPress admin password.
In order to eliminate this, you can use Limit Login Attempts plugin which effectively locks out users after specified number of invalid attempts.
The best thing about this free plugin is that you can easily control all the settings from its settings panel.
3. Restrict IP address
Using .htaccess rules, you can easily restrict access to your WordPress admin panel by the IP addresses.
To do that, all you have to do is to add the below rules to your.htaccess file in your WordPress root directory. Don’t forget to change the IP address. If you don’t know your IP address, then a simple Google search will do the trick.
Note: Add the below rules at the top of the .htaccess file.
# Limit access by IP address <Files wp-login.php> order deny,allow Deny from all # whitelist IP address one allow from xx.xxx.xx.xxx # whitelist IP Address two allow from xx.xxx.xx.xxx </Files>
4. Never Use the Username “Admin”
Well, most of you know that you shouldn’t be using the default username “admin” to secure your WordPress admin panel. But still there are many WordPress sites out there who use the username “Admin” which is either created by the WordPress installation scripts or by the others who manage your WordPress site.
So always avoid using the default username “admin” and use a username that is not so obvious as it makes it harder for the hacker to guess.
As you can see, protecting your wp-admin directory is really easy and it makes your site more secure and safe from the regular hack attacks.
Hopefully that helps and do comment below to sharing your thoughts and experiences about protecting WordPress admin area.