Over 74.6 million websites are powered by WordPress, including some popular news websites like TechCrunch and TNW. With such a rapidly growing platform, it’s one of the best places for cyber criminals to play around and compromise websites. So, if you don’t want any intruders to get in, here’s a guide to increasing the security of your WordPress site.
The wp-admin page, the login page of your site, is the most affected area. So, it’ll be best to protect it first. There are many security plugins you can try against other cyber attacks. But here I’d like to show you how you can add 2 more layers of security to your wp-admin page.
Layer 1: Integrate Google Authenticator 2-Step Verification
Google Authenticator is a tool that Google uses to authenticate Google accounts through 2-step verification. It can also be added to your log-in page using the Google Authenticator plugin. It makes use of the secret code that you get from the authenticator app on your Android/iPhone/Blackberry smartphone. You have to enter that code whenever you log in. But make sure you enable this plugin on the Administrator account only, and not on the less privileged accounts you post from. Otherwise, it may be time consuming every time you log in to post an article.
So, now let’s have a look at how to use it.
Activate the plugin after installing it and head over to your profile settings (User > Your profile). There you’ll find the settings for Google Authenticator. Check the boxes against active and relaxed mode. Add a description to identify your blog in the smartphone app. Now download the Google Authenticator app.
In the app, hit begin setup and, under manually add account, choose scan QR code. Or else you can enter the secret key that you see in the settings on WordPress. Click on show/hide QR code and scan it. It’ll automatically add your WordPress blog under the description you provided. Now, you’re all set. Let’s test.
Log out, and on the log-in page you should see an authentication field in the login box. Now, open the Authenticator smartphone app and enter the authentication code. The code is valid for 30 seconds by default. Checking relaxed mode, as above, will increase that time.
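How the six-digit code and its 30-second lifetime are computed, as an added example that is not part of the original post and is not the plugin’s own code. The secret is the published RFC 6238 test key, and the window parameter is a hypothetical stand-in for what a setting like relaxed mode does (accepting codes from neighbouring time steps); the plugin’s actual tolerance is not stated here.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (the default mentioned above)
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, not a real account


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: float) -> str:
    """RFC 6238: the HOTP counter is the number of 30-second steps since the epoch."""
    return hotp(secret_b32, int(at) // STEP)


def verify(secret_b32: str, code: str, at: float, window: int = 0):
    """Return the time step that matched, or None.

    window is an assumed parameter: how many steps before and after the
    current one are also accepted. A larger window tolerates more phone
    clock drift but keeps every code usable for longer.
    """
    current = int(at) // STEP
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(secret_b32, counter).encode()
        if hmac.compare_digest(expected, code.encode()):
            return counter  # store this and reject reuse of the same step
    return None


if __name__ == "__main__":
    code = totp(SECRET, 59)  # code shown by the app at t = 59 s
    print("code at t=59:", code)
    print("strict, 36 s later:", verify(SECRET, code, at=95))
    print("window of 2 steps, 36 s later:", verify(SECRET, code, at=95, window=2))
```

The server and the phone derive the same code independently from the shared secret and the clock, which is why the QR code or secret key only has to be transferred once.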
So, now you’ve added the first security layer. Let’s head to the second one.
Layer 2: Password Protect wp-admin page.
This layer can only be applied if you have a self-hosted WordPress blog. It adds another lock in front of the account: the user has to enter a password just to reach the page. Many popular blogs have added this security layer.
Actually, we’ll password protect the whole wp-admin folder. So, let’s see how you can do this.
Go to the control panel of your hosting account (All Tech Flix is hosted on Bluehost), and under the security section you should see an option called Password protect directory or Directory Password. All hosting companies provide this feature.
Now, select your website’s root folder and open it. Then select the wp-admin directory, because that’s what you want to password protect. You’ll see a new screen as shown below.
Here, name the directory and check the box to password protect it. Below, you’ll get the fields to add a username and password for that page.
After setting things up, hit add authorized user. Now your wp-admin page and directory are password protected. So, whenever anyone visits the wp-admin page, they’ll get a pop-up asking for the username and password, which are known only to you.
Bonus tip: As a website owner, you must ensure the security of your users’ data. To protect that data, enable the HTTPS protocol by installing an SSL certificate on your website. An SSL certificate encrypts the data between the web server and the web browser.