How to Protect WordPress Admin Area

Michael Oldborn
protect wordpress admin are

We do suggest you to read the whole article carefully if you have website. Protecting your Admin space from unauthorized access also means protecting yourself from many cyber attacks. In this article, we will talk about how to secure your WordPress admin login. We’ll give you 13 very important tips in this article.

1. Always Use A Strong Password

Not only in WordPress, using a strong passwords for all your online accounts is always an advantage. You password particularly should contains a letter, a number and a special character. This way, you will take great precautions against hackers.

2. Use A Web Site Application Firewall

When you use a web site application firewall, the application monitors your website and blocks suspicious requests. This way, it protects your site by preventing them from reaching to your site. Although there are many security plugins, we recommend that you use the Sucuri Security plugin.

All traffic to your website goes through cloud proxies first. At this time, it analyzes each request one by one and blocks suspicious ones. This prevents potential attacks on your website and also prevents malicious software from damaging your site.

3. Use Two-Step Verification

Two-step verification adds a second input layer to your site. When you try to log-in, it will also request verification on the second layer and then you’ll be granted access after this verification.

In short, it asks you to enter the code that comes to your phone, which is a second layer other than the password. So, even if someone malicious learns your WordPress password, they will need to enter the code sent to your phone for full access.

4. Limit Log-in Attempts

By default, WordPress allows its users to try as many different passwords as they want to login. It’s also known as  “brute force attack”. Hackers take advantage of this situation and repeatedly try to access your site using scripts that go into different combinations.There is a simple way to limit login attempts. All you have to do is download and install the Login LockDown plugin. Follow the Settings – Login LockDown steps to make the settings after downloading and activating them. You will need to visit the site.

Giriş denemelerini sınırlama ile ilgili ayrıntılı bilgi için tıklayınız.

5. Disable Login Hints

When failed login attempts appeares, WordPress sends errors to users informing them whether their usernames or password are incorrect or not.

By adding the following snippet code to your function.php file, you can easily hide these input hints and prevent them from falling into the hands of malicious people.

function no_wordpress_errors(){
return 'Something is wrong!';
add_filter( 'login_errors', 'no_wordpress_errors' );

6. Keep Your WordPress Updated

WordPress generally publishes new versions of their software. Each released update aims to fix significant bugs and also added ne feautures as well. Using an older version may cause you serious problems through known vulnerabilities. That is why you should make sure your WordPress is up to date.

Similarly, WordPress plugins have been updated to offer new features to their users and get rid of vulnerabilities. So, make sure to have them updated as well.


7. Enable Users To Use Strong Passwords

If you’re owner of a blog site or a site which includes many different users you should ask them to create a strong password because they may create a weak password, which may enable hackers to access to your website. As mentioned above, weak passwords are easier to guess.

8. Limit Login Access to IP Addresses

One another way to secure a login in WordPress is to limit access to certain IPs. This way is especially useful when you or certain users need access to the admin area. You need to add the following snippet code to your .htaccess file.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
order deny,allow
deny from all
# whitelist Syed's IP address
allow from
# whitelist David's IP address
allow from

9. Reset Password For All Users

If you are a multi-user site owner, you can ask users to reset their passwords in any important situation. What you need to do is install Emergency Password Reset plugin and active it. Then, follow the steps Users > Emergency Password Reset and reset all passwords.

10. Create Custom Login and Registration Pages

Most websites require users to register. For example, membership sites, learning management sites, or online stores requires users to create an account.

Users can use their accounts to log into the WordPress admin area. It’s not a big problem because they’ll only be able to do what their user roles and abilities allow. To make sure there will be no cyber attack from the register page, you should limit the access properly. 

So, to avoid this situation, create custom login and registration pages for users to register and log in directly from your website.

11. Limit Dashboard Access

While some of the WordPress sites have specific users who need access to the control panel, there are also some users who do not have access.  You shouls note that all of them can access the administrator field, by default.So, to get rid of this situation, you need to install and actived the Remove Dashboard Access plugin. After activeting it, you can see the steps from: Settings > Dashboard Access. Here, you need to determine which user roles can have the access administrator role on your WordPress panel.

12. Log out Idle Users

WordPress does not log out users unless you explicitly close browser windows. This might be extremely risky for those WordPress site that has major datas. For example, anyone might be able to access to your site that is not completely logged out. Therefore, financial institution websites and applications automatically log off and expel the user when the user is not active for a certain time.

So, to get rid of such situation, please install and active Idle User Logout plugin and make sure any idle user is logged off. After downloading and activating the plugin, please go to the Settings-Idle user Logout page in order to determine the time during which users will automatically log off.

13. Learn About WordPress User Roles And Permissions

When you add a new user to your WordPress site, you can grant users access to the required fields. In other words, you can determine the user’s roles. The roles you assign to users define what can be done on your WordPress site.

When you assign an incorrect user role, you may grant more authority than needed. So, to avoid this situation, you need to know what the roles you assign mean.

In this article, we aimed to give you tips on protecting your WordPress admin panel. We hope it helps you to understand the situation well. We’d love to hear your feedback if you find this article usefull.

Why is WordPress Security Important

If you have any questions about this article or other topics, please click the button below. Your questions will be answered soon.

Quality And Fast Hosting

If you want an affordable, reliable and fast WordPress server, just go ahead and click on the button and get a package as needed.