Cloaking the URL where you log in as administrator is a good idea, because attackers know exactly where to go to run a brute-force attack on your WordPress site. For example, if your blog is installed at www.somerandomnonexistingsite.com/blog, then the path used to log in to the administrative control panel is www.somerandomnonexistingsite.com/blog/wp-admin.

Quick Quasi Hacker Experiment

Do you monitor any blogs online? If you do, chances are that the majority of them use WordPress. You can view the page source, press Ctrl+F and search for “wordpress” to see whether there are any WordPress references in there. If so, go to the wp-admin path on their server. If you are paranoid you can use a proxy to cloak your location, but remember you are just being nosy and have zero intention of actually cracking into the site, or at least that’s what I hope. Do you see the username and password login fields? If so, you now see why there are so many built-in vulnerabilities in WordPress, and to make matters worse they are probably still using admin as their username! The main thing we want to change is the admin login URL, so to do this simply tick the “Enable Hide Backend” box, enter the new Admin Slug, and then click Save as indicated in the screenshot below.

Afterwards, your old WordPress login path of wp-admin will be gone, and you can log in to your administrative control panel using your new admin slug.

Intrusion Detection

Click on the “Detect” tab in your WordPress admin panel. This feature allows webmasters to put constraints on users that have generated too many 404 errors. A 404 error happens when a user visits a non-existent page on a site. If a user generates a lot of these errors in a short period, that is a red flag, because they are probing the site for something, possibly a security weakness. So, enable the security features in this plugin as shown in the screenshot below:
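The 404 threshold the Detect tab applies, as an added Python example that is not the plugin’s own code: it replays a few constructed access-log lines and flags any client that produces too many 404 responses inside a sliding time window (the log format, the threshold of 5 and the 60-second window are assumptions for the example).

```python
# Added example, not the plugin's code: flag any client whose 404 responses
# exceed MAX_404 inside a WINDOW-second sliding window (thresholds assumed).
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
MAX_404 = 5   # more than this many 404s ...
WINDOW = 60   # ... within this many seconds flags the client

def parse_line(line):
    """Return (ip, datetime, request, status) or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), m["req"], int(m["status"])

def find_404_scanners(lines, max_404=MAX_404, window=WINDOW):
    """Map each flagged ip to the timestamp at which it first exceeded the budget."""
    recent = defaultdict(deque)   # ip -> timestamps of its 404s still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _req, status = parsed
        if status != 404:
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:   # expire 404s older than the window
            q.popleft()
        if len(q) > max_404 and ip not in flagged:
            flagged[ip] = ts
    return flagged

# Constructed sample log: one client requesting six missing pages in six seconds,
# one ordinary visitor whose single 404 (a missing favicon) is harmless.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:%02d +0000] "GET /old-%d.html HTTP/1.1" 404 209' % (i, i)
    for i in range(6)
] + [
    '198.51.100.9 - - [10/Oct/2023:13:55:10 +0000] "GET /blog/ HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Oct/2023:13:55:12 +0000] "GET /favicon.ico HTTP/1.1" 404 209',
]
```

Running `find_404_scanners(SAMPLE_LOG)` flags only 203.0.113.7, at the sixth 404; widening `max_404` or shrinking `window` shows how the same traffic drops below the threshold.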

File Change Detection

If you scroll down in this section you should see another heading that says “File Change Detection.” I would highly recommend enabling this option, because if a WordPress file is changed without you being aware of it then that is definitely not a good sign. Tick the “Enable File Change Detection” checkbox as indicated in the screenshot below.

Limit Login Attempts

Click on the Login tab within the plugin settings so that you can add some additional security to your WordPress login URLs. Say, in the worst case, an attacker finds your new login page: they can still use a brute-force attack to try and crack your password. However, if you changed your username, which you should have done earlier, and if you limit the number of login attempts they can make, then you will effectively stop them in their tracks. To limit the number of login attempts a user can make, select “Enable Login Limits”. It’s pretty scary, but by default WordPress allows a user to make unlimited login attempts, which is a terrible defense against a brute-force attack, so this feature is definitely a must-have. Okay, that covers the features I would recommend using in the Better WP Security plugin, which shouldn’t have been painful at all. As always, I would recommend conducting further research to see if you can learn additional things.

