05-17-2020, 01:38 PM
(05-16-2020, 02:17 PM)Hidden Refuge Wrote: You can do two easy things to prevent unauthorized access to the WordPress Administration Dashboard.
1. Use .htaccess or configure your vHost to add another login that appears before the WordPress Administration Dashboard that has absolutely different login details (Access Control List).
2. Use .htaccess or configure your vHost to accept only certain IP addresses and allow them to open the WordPress Administration Dashboard (IP based Access Control List).
(3. Add 2 factor authentication to your WordPress blog.)
Resources for username and password authentication:
- https://httpd.apache.org/docs/2.4/howto/auth.html
- https://tecadmin.net/configure-basic-aut...-htaccess/
- https://docs.nginx.com/nginx/admin-guide...ntication/
- https://www.booleanworld.com/set-basic-h...ion-nginx/
Resources for IP based access control:
- https://httpd.apache.org/docs/2.4/howto/access.html
- https://www.cyberciti.biz/faq/apache-res...rectories/
- https://support.hypernode.com/knowledgeb...-in-nginx/
- https://www.cyberciti.biz/faq/linux-unix...rol-howto/
I would actually recommend option 2 over option 1 because option 1 would only add another layer of brute-force login while option 2 will simply lock out everyone who is NOT whitelisted.
I would stay away from any additional WordPress plugin unless you can make sure it is very safe. You can however actually add a proper 2 factor authentication system if WordPress has that.

Thank you very much for your explanation. I also choose option 2. But before that, I want to ask whether it is possible to do something in cPanel so that I can activate the admin page at any time I need it, and don't need to keep it locked in cPanel with every trick at all times? I mean, the domain / admin will remain closed for all IPs when I don't need it, and I can only open it myself through the cPanel panel.
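
An added example, not part of either post and not a cPanel feature: a POSIX shell helper that switches the wp-admin/ directory between "closed to every IP" and "open to one address" by rewriting its .htaccess, which is option 2 applied on demand. It assumes Apache 2.4 (mod_authz_core) with AllowOverride AuthConfig enabled for the site and a wp-admin/.htaccess that holds nothing else; the function names, path and address are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes Apache 2.4 and that wp-admin/.htaccess is owned
# entirely by this helper (any existing content is overwritten).

# Accept only a plain dotted-quad IPv4 address, so no other text can be
# written into the Apache configuration through the IP argument.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its fields
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# wp_admin_acl lock   DIR       deny every client
# wp_admin_acl unlock DIR IP    allow exactly one IPv4 address
wp_admin_acl() {
    mode=$1 dir=$2 ip=${3:-}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    case $mode in
        lock)   rule='Require all denied' ;;
        unlock) valid_ipv4 "$ip" || { echo "invalid IPv4 address" >&2; return 1; }
                rule="Require ip $ip" ;;
        *)      echo "usage: wp_admin_acl lock|unlock DIR [IP]" >&2; return 1 ;;
    esac
    # Write to a temporary file and rename it, so Apache never reads a
    # half-written .htaccess and a failed run leaves the old rule in place.
    tmp=$(mktemp "$dir/.htaccess.XXXXXX") || return 1
    printf '%s\n' '# Managed by wp_admin_acl; manual edits are overwritten.' \
        "$rule" > "$tmp"
    chmod 644 "$tmp" && mv -f "$tmp" "$dir/.htaccess"
}

# Constructed usage (203.0.113.10 is a documentation address):
#   wp_admin_acl unlock /home/USER/public_html/wp-admin 203.0.113.10
#   wp_admin_acl lock   /home/USER/public_html/wp-admin
```

wp-login.php sits in the WordPress root, outside wp-admin/, so this file does not cover it. While the directory is locked, themes or plugins that call wp-admin/admin-ajax.php from the public site are denied as well.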