How can we control access to the admin area of a website?


Welcome to our most recent round-up of technology and hosting news. If your WordPress admin area is exposed to security vulnerabilities, you should take the following measures to protect it.

The following are a few of the measures:

1. Secure the WordPress Admin Directory with a Password.

The WordPress password automatically secures your WordPress admin area. Password protection for your WordPress admin directories, on the other hand, offers additional levels of protection to your site.

The most straightforward option to password-protect your WordPress admin area is to use cPanel, due to its user-friendly design.

To use cPanel to password protect wp-admin, follow these steps:

1. Log in to cPanel and check the Files tab

2. Locate and select the ‘Directory Privacy’ option.

3. The list of all the directories on your WordPress website can be seen here. Select the public_html directory from the drop-down menu.

4. Modify the wp-admin folder.

5. All additional WordPress content is stored in the public_html folder. As you can see, the folder names here carry the ‘wp-’ prefix.

6. By clicking on the edit button, you can modify the wp-admin.

7. Now, password protect the wp-admin directory.

8. Please tick the “password protect this directory” option. This box will be enabled now. Click the save button after checking the directory name.

9. Create a user and a password.

10. From here, you can create a new user. Set the user’s username and password, then click Save.

The wp-admin directory is now password-protected. In the Directory Privacy section, look for the wp-admin folder, which now has a folder symbol with a lock.

2. Make use of strong passwords.

For all of your online accounts, including your WordPress site, use strong passwords. In your passwords, we recommend using a mixture of letters, numbers, and special characters. Hackers will have a harder time guessing your password as a result of this. There are some fantastic password manager apps available for both computers and mobile devices.

3. WordPress Login screen with Two-Step Verification

Two-step verification adds an extra layer of security to your credentials. It requires you to enter a verification code issued by the Google Authenticator app on your phone rather than just the password.

If someone else figures out your WordPress password, they’ll still need the Google Authenticator code to enter your account.

4. Cap the number of times you can log in.

WordPress allows users to input their passwords as many times as they like by default. This means that someone can keep attempting different combinations to guess your WordPress password. It also allows hackers to crack passwords using automated scripts.

You’ll need to install and activate the Login LockDown plugin to fix this issue. All of your preferences will be preserved!

5. Make sure WordPress is up to date.

WordPress releases new versions of the software on a routine basis. Each new WordPress release includes crucial bug fixes, new functionality, and security updates.

If you’re running an earlier version of WordPress on your site, you’re leaving yourself vulnerable to known exploits and vulnerabilities. To correct this, make sure you’re running the most recent version of WordPress.

WordPress plugins, too, are frequently updated to add new features or fix security and other issues. Make sure all of your WordPress plugins are up to date as well.

6. Login Hints can be turned off.

When a login attempt fails, WordPress displays messages that indicate whether the username or the password was wrong. Someone could exploit these login hints for illegal purposes.

By adding a short code snippet to your theme’s functions.php file or a site-specific plugin, you can quickly hide these login hints.
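One way to hide these hints, as an added example that is not code from the original article: it hooks WordPress's `authenticate` filter and replaces the errors that reveal which field was wrong with a single generic message. The function name, the new error code and the message text are assumptions made for this example.

```php
<?php
// Added example, not from the original article.
// Place it in a site-specific plugin or the theme's functions.php.

/**
 * Collapse the login errors that reveal whether the username or the
 * password was wrong into one generic error. Other errors (for example
 * an empty field) are passed through unchanged.
 *
 * example_generic_login_error is a hypothetical name chosen for this example.
 */
function example_generic_login_error( $user, $username, $password ) {
    if ( ! is_wp_error( $user ) ) {
        return $user; // Successful login or no result yet: nothing to hide.
    }

    // Error codes WordPress core uses for "unknown user" and "wrong password".
    $revealing = array( 'invalid_username', 'invalid_email', 'incorrect_password' );

    if ( array_intersect( $revealing, $user->get_error_codes() ) ) {
        // Still a WP_Error, so WordPress still treats the attempt as a failed login.
        return new WP_Error(
            'login_failed', // error code chosen for this example
            __( 'The username or password you entered is incorrect.' )
        );
    }

    return $user;
}
// Priority 99 runs after core's own username/password checks (priority 20).
add_filter( 'authenticate', 'example_generic_login_error', 99, 3 );
```

Because only the three revealing error codes are rewritten, messages such as the one for an empty password field keep their normal wording.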

7. Always use a Web Application Firewall to protect your website.

A Web Application Firewall works as a shield between the website/web application and internet traffic. It checks internet traffic and inspects all incoming requests before allowing them to access your website/web application/web server, filtering out and preventing malicious requests and botnets while allowing only genuine users access.

All WordPress users can download the Sucuri Security WordPress plugin for free. Sucuri Inc. is a well-known authority in all things connected to website security, with a focus on WordPress security.

8. Password Reset for All Customers

Worried about the safety of your WordPress multi-user site’s credentials? You may quickly request that all of your users change their passwords.

The Emergency Password Reset plugin must first be installed and activated. After activation, go to Users » Emergency Password Reset and click the ‘Reset All Passwords’ button.

9. Build personal registration and login pages.

Many WordPress sites require customers to register before they can use them. Users must create an account on membership sites, learning management systems, and online stores, for instance.

These users can, however, log into the WordPress admin area using their accounts. This isn’t a major issue because they’ll only be able to do what their user role and capabilities allow. It does, however, prevent you from appropriately restricting access to the login and registration pages, which users need in order to sign up, manage their accounts, and log in.

Creating custom login and registration pages allows people to sign up and log in straight from your website, which is a simple fix.

10. Learn About WordPress User Roles and Permissions

A user role is a set of actions (referred to as capabilities) that a user with that role is authorized to carry out. Super Admin, Administrator, Editor, Author, Contributor, and Subscriber are the six pre-defined roles in WordPress. Each role is granted its own set of capabilities. “Publish posts,” “moderate comments,” and “edit users” are just a few examples.

When a user role is assigned incorrectly, it can give the user more powers than they require. To avoid this, you must first understand the capabilities associated with the various WordPress user roles.
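To check for over-assigned roles, the following added example (not from the original article) lists every account that holds at least one high-privilege capability. The function name and the choice of capabilities to flag are assumptions; adjust the list to your site.

```php
<?php
// Added example, not from the original article.

/**
 * Return the accounts that hold any of the given high-privilege capabilities.
 *
 * example_list_privileged_users is a hypothetical name; the default
 * capability list is an assumption about what counts as "high privilege".
 *
 * @param string[] $caps Capabilities to look for.
 * @return array[] One entry per matching user: login, roles, matched caps.
 */
function example_list_privileged_users(
    array $caps = array( 'manage_options', 'edit_users', 'promote_users', 'install_plugins', 'edit_plugins' )
) {
    $report = array();

    // get_users() returns WP_User objects by default.
    foreach ( get_users() as $user ) {
        $held = array();
        foreach ( $caps as $cap ) {
            // has_cap() resolves the capability through the user's roles.
            if ( $user->has_cap( $cap ) ) {
                $held[] = $cap;
            }
        }
        if ( ! empty( $held ) ) {
            $report[] = array(
                'login' => $user->user_login,
                'roles' => $user->roles,
                'caps'  => $held,
            );
        }
    }

    return $report;
}
```

Compare the returned list with the people who actually need those rights, and move anyone else to a lower role.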

That’s it! Hope you liked it. More news, blog pieces, knowledge base articles, and information about our comprehensive range of hosting services may be found on our website.

eTechSupport is a Managed Services Provider specialising in services like Web Hosting Support, Server Administration, Management & Monitoring, Live Support (Ticket Support - Chat Support), Database Administration, Remote Backup Configuration & Management and Migration as a Service.
