arrow_upward

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
More wordpress security for login management page
#2
You can do two easy things to prevent unauthorized access to the Wordpress Administration Dashboard.

1. Use .htaccess or configure your vHost to add another login that appears before the Wordpress Administration Dashboard that has absolutely different login details (Access Control List).
2. Use .htaccess or configure your vHost to accept only certain IP addresses and allow them to open the Wordpress Administration Dashboard (IP based Access Control List).
(3. Add 2 factor authentication to your Wordpress blog.)

Resources for username and password authentication:
- https://httpd.apache.org/docs/2.4/howto/auth.html
- https://tecadmin.net/configure-basic-aut...-htaccess/
- https://docs.nginx.com/nginx/admin-guide...ntication/
- https://www.booleanworld.com/set-basic-h...ion-nginx/


Resources for IP based access control:
- https://httpd.apache.org/docs/2.4/howto/access.html
- https://www.cyberciti.biz/faq/apache-res...rectories/
- https://support.hypernode.com/knowledgeb...-in-nginx/
- https://www.cyberciti.biz/faq/linux-unix...rol-howto/


I would actually recommend option 2 over option 1 because option 1 would only add another layer of bruteforce login while option 2 simply will lock everyone out who is NOT whitelisted.

I would stay away from any additional Wordpress plugin unless you can make sure it is very safe. You can however actually add a proper 2 factor authentication system if Wordpress has that.
[Image: zHHqO5Q.png]
lockThread Closed 



Possibly Related Threads…
Thread
Author
Replies
Views
Last Post
4,400
03-13-2019, 02:08 PM
Last Post: rudra

person_pin_circle Users browsing this thread: 2 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting