How do you keep the WordPress login secure?

If you have finished your WordPress website or are just starting the installation, it is always a good idea to keep your WordPress login page secure. After all, this is the environment in which you can change almost everything on your WordPress website. You obviously have a particularly strong password for your Administrator account, but what else can you apply to further secure the WordPress login?

Plugins

With plugins you can achieve a lot within WordPress hosting. So too can the security of your login page. However, we do not recommend using too many plugins. The more plugins you use, the more they need to be loaded. This can cause delays on certain resources. So always read up before you decide to install a plugin. It is also important that there are always recent updates released for plugins. WordPress is an extensive CMS that is constantly evolving, and so are the plugins.

Loginizer

Is a plugin that you can install within WordPress and keeps track of every failed login attempt that is made. So you can keep an eye on when this happens and from which IP address. After this you can intercept and block the attempt.

Web.config

On the hosting of MijnHostingPartner.nl we use Microsoft IIS. In the web.config file you can take measures to make sure that people can't just log in. You can even set it up so that only a specific IP address can be used. If you only work from home then you can allow your Home IP to be the only one to access the WordPress Admin environment. It also works the other way around. You can also block specific IP addresses or ranges. In our knowledge base we have a lot of articles about this that you can use to completely block your Hosting.

Password and Permissions

We'll mention it again just to be sure. The passwords you use are extremely important for the security of your website. We have already taken measures against this so that the username and password cannot be the same. And the most common passwords are also blocked.

This is due to our Web Application Firewall. However, we cannot catch everything. Therefore, it is still important that you use a strong password. The permissions of your website are also important. To turn on write permissions on the entire website is a good way to cause problems. The only folder that needs write permissions is the wp-content folder.