Secure Your WordPress Blog Admin Login from Hackers

March 17, 2009

If you have WordPress installed on your website like me, you will love this tool called WP-Padlock Pro which prevent hackers from hacking into your WP blog admin login.

For a normal install of WP, the default admin login URL is yourdomain/wp-admin or yourdomain/blog/wp-admin if you install it in a folder called “blog” or whatever you name it. Even worse, some reverse-engineered WP installer uses “admin” as the default username. This gives hackers two things: (1) the exact admin login URL and (2) the exact admin login username. Hackers only need to guess the password and they sure have a way to do that automatically.

How about protecting your WP admin login with your IP, that is, only you can access the login page from that IP? WP-Padlock Pro does just that!

It is a tiny php script that allows you to rename its filename so that no one but you know about it. You then just upload it along with some other files to the root folder where your WP is installed. Once you access that file (only you know what the URL is), it records your computer IP and then it bans instantly anyone else to access the regular WP admin login address.

What if you want to login from another computer, say a computer in your office, which has a different IP? You just access that hidden WP-Padlock Pro file again and it will update the IP you access the file from and then redirect you to the admin login URL.

Give it a try. I have protected this WP blog of mine with WP-Padlock Pro and see it you can access the regular admin login URL. You know where this regular admin login is, do you?

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Posted in Handy Online Tools