Hi all,
Welcome back to my blog-post…….!!!!
Most of the peoples are using wordpress to build their websites due to its simplicity and also its user friendly too
But lot of attackers are targeting wordpress login page to hack the websites, If n- number of hits received our server related services will be seriously affected and there may be a chance of server sluggish
The cause of the outage was a distributed denial of service (DDoS) attack, in which a network of computers infected with special malware, known as a “botnet”, are coordinated into bombarding a server with traffic until it collapses under the strain.
This kind of attack is known as DDoS attack
So securing the wordpress login page is an important one to keep our website related contents to avoid data loss
There are lot of ways to protect the wordpress login page some of them are protecting using plugins/enabling captcha
But one of the recommended protection is enabling first level authentication to our wordpress login page
Step 1 : Log on cPanel
Log on your cPanel using the cPanel logon credentials and go-to file manager
Make sure dot files are not hidden, if its hidden kindly enable show dot files option in the file manager itself
Step 2: Generating htpasswd:
Now we need to generate a htpasswd for encrypted password, There are lot of htpasswd generators are available in internet
If you feels its hard to find an htpasswd generator then click here
Step 3: Creating htpasswd file:
Now we need to create a new file in the home directory itself, Save the file name as .wp-admin and put the generated htpasswd in that file
Step 4: Editing .htaccess file configuration:
This is the main part where we need to update our configuration script
We need to paste the below script in .htaccess file and make sure the .htaccess file starts with the below script
Then only first level authentication will works perfect
ErrorDocument 401 "Unauthorized Access" ErrorDocument 403 "Forbidden" <FilesMatch "wp-login.php"> AuthName "Contact Your Hosting Company for Username and Password" AuthType Basic AuthUserFile /home/shreeoms/.wpadmin require valid-user </FilesMatch>
Step 5: Verifying our task
If you followed the steps without any mistakes now you will be prompt for first level authentication at the time of accessing your wordpress admin login page
Now we have successfully enabled first level authentication for our wordpress login page
Another tip which I wish to say is keep your plugins/themes updated periodically which will helps to reduce the malicious/infected scripts injections to your wordpress based website
We all know our website data is so important so even we enable the first level authentication we need to change our wordpress admin login credentials periodically which will helps to protect our website information
Also I’m advising you to take the backup periodically and store into multiple location where you felt the backup is safe
Unfortunately If any data loss occurred on your wordpress based website, the backup which we maintain will helps us to restore the website as earlier
Thanks for reading and learning a new thing from my article, See you on my another blog post
Bye…..!!!!!!!