Let’s find out how we can secure our server and protect ourselves from attackers.
Why Do I Need to Secure Wordpress?
Wordpress’s popularity makes it a target for hackers.
With millions of users worldwide, attackers get the most bang-for-their-buck by exploiting such widely used tools.
Then we can create a secure password for the original administrator account, so it will not be guessed.
Easy-to-guess usernames let attackers try common username and password combinations to gain access to your Wordpress installation.
With a username like “mywebsite123987@#$@!”, hackers will find it difficult to compromise your server this way.
To create a new user, open your Dashboard and navigate to Users.
Select Add New in the top navigation to create a new user.
Assign this user the Administrator role, then select Add New User.
Now, we can go back to the Users page and select our original administrator account named user.
Generate a new password for our original user that will be impossible to guess.
While this is not a supported feature of Wordpress, we can accomplish it in one of two ways: using a plugin, or manually modifying files to make our changes.
Then you’re able to simply make the same changes again to restore your secured Wordpress login URL.
To begin, you will want a good text editor like Notepad++ that has a strong find-and-replace function.
Once we have this, let’s find our wp-login.php file in our Wordpress root directory.
To dive into the find-and-replace module, navigate to Search in the top menu and find Replace.
In this case, I have chosen custom_login to be our newly designated login page.
Select Replace All to replace all occurrences of wp-login.
Save your file and navigate back to the Wordpress home directory.
Time to rename our wp-login.php file to custom_login.php.
Now, to test that our change worked, browse to the wp-admin directory on your website.
In my case, it is located at http://localhost/wordpress/wp-admin/.
This means our login URL has changed and cannot be found by hackers using a default login URL!
Let’s launch the correct login page now, in my case located at http://localhost/wordpress/custom_login.php.
This will keep your login page from being bruteforced by programs looking specifically for the wp-login.php URL.
One step closer to security!
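The manual find-and-replace and rename above, as an added POSIX shell example that is not part of the original post. It assumes the WordPress root directory, the new page name (letters, digits and underscore only) and a backup directory outside the web root as inputs, and keeps a backup copy so the change can be redone after an update restores wp-login.php.

```shell
# Added example, not code from the original post.
rename_login_page() {
  wp_root="$1"; new_name="$2"; backup_dir="$3"
  old_file="$wp_root/wp-login.php"
  new_file="$wp_root/$new_name.php"

  # Refuse names that would break the sed pattern or give an odd filename.
  case "$new_name" in
    *[!A-Za-z0-9_]*|"") echo "invalid page name: $new_name" >&2; return 1 ;;
  esac
  [ -f "$old_file" ] || { echo "no wp-login.php in $wp_root" >&2; return 1; }
  [ -e "$new_file" ] && { echo "$new_file already exists" >&2; return 1; }

  # Back up first, outside the web root: a stray wp-login.php.bak inside it
  # could be served to visitors as plain text.
  mkdir -p "$backup_dir"
  cp "$old_file" "$backup_dir/wp-login.php.bak" || return 1

  # "Replace All" of wp-login in the file contents, written to the new file,
  # then the rename step: the old file is removed.
  sed "s/wp-login/$new_name/g" "$old_file" > "$new_file" || return 1
  rm "$old_file"

  # Verify that no reference to the old name survived in the new file.
  if grep -q 'wp-login' "$new_file"; then
    echo "warning: wp-login still referenced in $new_file" >&2
    return 1
  fi
  echo "login page is now $new_file"
}

# Constructed sample: a stand-in for wp-login.php with the kind of
# self-references the real file contains, used for the demo only.
make_sample_site() {
  mkdir -p "$1"
  printf '%s\n' \
    '<?php' \
    "\$redirect_to = site_url('wp-login.php?action=logout');" \
    "\$login_url = site_url('wp-login.php', 'login');" \
    > "$1/wp-login.php"
}

demo() {
  site=$(mktemp -d)
  make_sample_site "$site/wordpress"
  rename_login_page "$site/wordpress" custom_login "$site/backups"
  grep -c custom_login "$site/wordpress/custom_login.php"   # prints 2
  rm -rf "$site"
}
```

Run `demo` to see the rename on the constructed sample; point the function at a real installation only after taking the backup it writes and confirming the new URL works, as the post does with custom_login.php.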
This can happen years later, too.
To manage updates for Wordpress, navigate to the Dashboard and find Home.
You will be notified of any outdated extensions and given the option to update them here.
You will only need FTP access that has modify rights on the theme, plugin, or Wordpress installation.
Patching outdated files is one of the most effective ways to prevent simple takeovers from attackers.
Once you have decided not to use a plugin, go ahead and remove it entirely from your website.
This tool is located at Tools > Export in the Wordpress dashboard.
From here, you can manually export posts, pages, media files, or all content.
Alternative methods of backing up your files include exporting the SQL database as a whole.