05-17-2020, 06:34 AM
(05-16-2020, 01:58 PM)hamed Wrote: Hello . My friends, I use Wordpress for my site. For more security, I want the link www.mydoamin.com/admin to be disabled, and whenever I need to login, I need to enable it ... Please help.
[font=MsYekan, Tahoma]I want to do this because I've had several unsuccessful logs of different IPs that have tried to infiltrate the site's management system many times. I use the php security system to edit a series of site information, and I close it whenever I don't need it, but this is also very important for / admin.[/font]
@"Hidden Refuge" suggestion is excellent and an eye-opener for me too. I really like WordPress myself and have been using it for many years. WordPress is the one script that is great to have, but only when you are responsible enough to know that you can't afford to take any risks with it. Particularly since there are thousands of exploits that have been developed to match every possible risk you can take with the script. That's why WordPress needs to be updated so regularly. Mostly because some or other script kid discovered a new security hole. NEVER use nulled themes or plugins. Like with WordPress you can't get away with that. Some or other time, because there are thousands of script kiddie bots that have penetrated every known weakness in WordPress script, it will trip you up, guaranteed!
So am curious to know whether you are using the security plugin WordFence. It is a free plugin so if you are connected to WordFence with your e-mail address, they will monitor your WordPress site and particularly the access through the Admin Panel. They're very strict. So if someone tries to access your WordPress site breaking some security setting (which you can set yourself in the Admin Dashboard - or the default settings of the plugin are also very good), they will automatically disable your admin panel. When it first happened to me (it rarely happens, but it has happened to me twice in many years), when I tried to access my Admin Panel there was a WordFence pop up that came up that XYZ exploit was in process and they blocked it for this that or the other reason - I couldn't get in. They tell you exactly why they blocked your access through Admin Panel. So I learned (possibly common sense) to get back in you need to first disable the WordFence plugin by going into your FTP client and put a number or "x" in front of the plugin folder. You'll then be able to access your panel normally, and then make the changes to fix the security problem that WordFence pointed out, and then enable WordFence again. That way you'll know your Admin Panel is safe. WordFence also sends you regular updates of the latest WordPress exploits that have been uncovered. Ordinarily I look at reports like those as spam, but their reports are really well written and researched, where they've actually done research and provide solutions as well.
Other thing is to NEVER have the user name Admin - try to make the user name very unique - not even like your own name. You have to give the Admin Panel a complicated user name as there are bot networks going for particularly panels that use the user name admin - or a name or names that stand out in your Website. It has to be a user name no one else would think off. Also make sure you have a really strong and complicated password and that all of your plugins are up to date and regularly maintained by the authors of the plugins too. Don't use nulled anything, particularly themes. Only use themes and plugins that have been vetted by WordPress and provide you with up to date information when last they have been updated by the author. The older the plugin or theme gets, the more important it is for you to go back to WordPress to check when last they have been supported by the author. It is very easy to pick up on this when support questions in the discussion section of the plugin have gone unanswered for a long time, or there have been complaints.