05-16-2020, 02:17 PM
You can do two easy things to prevent unauthorized access to the WordPress Administration Dashboard.
1. Use .htaccess or configure your vHost to add another login that appears before the WordPress Administration Dashboard that has absolutely different login details (Access Control List).
2. Use .htaccess or configure your vHost to accept only certain IP addresses and allow them to open the WordPress Administration Dashboard (IP based Access Control List).
(3. Add two-factor authentication to your WordPress blog.)
Resources for username and password authentication:
- https://httpd.apache.org/docs/2.4/howto/auth.html
- https://tecadmin.net/configure-basic-aut...-htaccess/
- https://docs.nginx.com/nginx/admin-guide...ntication/
- https://www.booleanworld.com/set-basic-h...ion-nginx/
Resources for IP based access control:
- https://httpd.apache.org/docs/2.4/howto/access.html
- https://www.cyberciti.biz/faq/apache-res...rectories/
- https://support.hypernode.com/knowledgeb...-in-nginx/
- https://www.cyberciti.biz/faq/linux-unix...rol-howto/
I would actually recommend option 2 over option 1 because option 1 would only add another layer of brute-force login while option 2 simply will lock everyone out who is NOT whitelisted.
I would stay away from any additional WordPress plugin unless you can make sure it is very safe. You can however actually add a proper two-factor authentication system if WordPress has that.
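An added example, not part of the original post: an Apache 2.4 configuration that layers option 2 (IP allow-list) and option 1 (a separate Basic-auth login) in front of the WordPress login and dashboard. The IP addresses are documentation ranges and the password file path is an assumed placeholder; deleting the `Auth*` lines and `Require valid-user` leaves the pure IP-based variant.

```apache
# --- File 1: .htaccess in the site root -------------------------------
# wp-login.php lives in the site root, not in wp-admin/, so it needs
# its own rule or the login form stays reachable from anywhere.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    # Placeholder path. Keep the file outside the web root and create
    # it with: htpasswd -c /etc/apache2/.htpasswd-wpadmin <user>
    AuthUserFile "/etc/apache2/.htpasswd-wpadmin"
    <RequireAll>
        # Option 2: only these sources may reach the login page
        # (placeholder addresses from the documentation ranges).
        Require ip 203.0.113.10 198.51.100.0/24
        # Option 1: and they must also pass the extra login, whose
        # credentials differ from the WordPress account.
        Require valid-user
    </RequireAll>
</Files>

# --- File 2: wp-admin/.htaccess ---------------------------------------
AuthType Basic
AuthName "Restricted"
AuthUserFile "/etc/apache2/.htpasswd-wpadmin"
<RequireAll>
    Require ip 203.0.113.10 198.51.100.0/24
    Require valid-user
</RequireAll>

# Themes and plugins call admin-ajax.php on behalf of ordinary
# visitors, so it has to stay reachable or front-end features break.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

These directives only take effect in .htaccess when the vHost allows them (`AllowOverride AuthConfig` or broader), and Basic-auth credentials should only be sent over HTTPS. If the site sits behind a proxy or CDN, `Require ip` sees the proxy's address unless the real client address is restored first (for example with mod_remoteip).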