April 3, 2014

WordPress Security: Password Protect Your Login Page

As wordpress continues to flourish as the most popular CMS on the internet, so too does its popularity as a target for hackers who want to gain unauthorized access to your site. Hopefully you’ve read and implemented 5 Quick and Easy WordPress Security Tips, or maybe you’re using one of the popular wordpress security plugins to accomplish an equivalent level of security and that’s great, but let’s take things one step further and add an additional level of security to the wp-login.php of a wordpress site. We will eliminate the possibilities of brute-force attacks and un-authorized login attempts by requiring an additional username and password before the wp-login.php page can be accessed. The user will be asked to enter a user name and password ( Not a wordpress user ) before they will be taken to the native wordpress login page. If the incorrect credentials are entered several times within a few minutes, the users ip address will be blocked, preventing them from ever reach your wordpress login page.

Implementing this feature is relatively simple and can be completed by following the steps listed below:

Create An Encrypted Password

Head over to AskApache and generate an .htpasswd file. After filling in a user name and password, select md5 as the encryption algorithm and a basic authentication scheme will work just fine.

On the following screen you’ll see two blocks of code. One should look like this:

admin:$apr1$p172yfwk$a7Cog1qsKhBJ.BTgqhSdw/

Paste this into a .passwd file you’ll need to create in the root directory ( “/home/username/” ) of your server.

Add To .htaccess

The second block of code should look like this:

< filesmatch "wp-login.php">
AuthType Basic
AuthName "Authorized Only"
AuthUserFile /home/username/.passwd
Require valid-user
< /filesmatch>
ErrorDocument 401 default

This can be pasted into the top of the .htaccess file of the site(s) you’d like to protect. Be sure to replace the file path to reflect where you created the .passwd file in the first step and remove the space before each “filesmatch” tag.

Save both files and you’re all set. You should be prompted for the new username and password before reaching the wp-login page. If the incorrect username and password is entered incorrectly several times within a few minutes, the ip address will be blocked and the user will have never reached the wp-login page.

Filed under:  Tutorials Web Development  ||  Tagged under:
Author:

Dylan Dunlop

When he isn’t honing in on his coding skills, Dylan’s either mastering various styles of guitar playing or bird watching.
Leave a comment
comments powered by Disqus

Base Terminology

SEO is the process of affecting the visibility of a website or a web page in a search engine's un-paid ("organic") search results.
The semantic web refers to the next stage of the world wide web and aims to ascribe semantic meaning to all web content through a collection of systems of classification. This means that, in the future, machines will be able to better understand the content we produce, resulting in better search results, new applications and an Internet that is fundamentally different from the one we use today!
What if each of the objects around you had a unique identifier that can be connected to the Internet? The goal of the Internet of things is to equip all objects in the world with tags that allow them to be digitally organized or manipulated. The implications? Less theft, less waste and the ability to control your surroundings in a manner never before possible.
Conversion optimization is the practice of modifying the parameters of a lead-generating system to stimulate a higher success rate as defined by goals. Most conversion optimization is structured to create an increase in ROI (return on investment). We frequently use multivariate and A/B split testing when optimizing conversion, wherein we test two or more systems at the same time, analyze their performance and deduce precisely what action items will bring us closest to the set goals in the least amount of time.
Market diagnostics or analytics is the process of collecting and analyzing business data — especially consumer data. This allows us to assess and improve the effectiveness of a marketing campaign.
In many applications today, there is such a phenomenal quantity of data available that it's difficult to collect and process with traditional database tools. The field of collecting, manipulating and drawing conclusions from massive quantities of data from a particular source is known as big data.
What started as a CMS (content management system) that was only meant to create and edit blog content has grown at a tremendous rate to become the most ubiquitous system for developing websites on the internet. WordPress accounts for an incredible 15% of all sites on the web.

RT @PicardTips: Picard holiday tip: Religion and commercialism will both fade over generations. Generosity and kindness, however, will endu…

2 weeks ago

RT @PicardTips: Picard programming tip: Don't be fooled. Machines have feelings.

2 months ago

RT @sejournal: What's what in the Google Page Layout Algorithm update? Find out in our latest post from our series of Google's history of a…

2 months ago

Request Our Portfolio





  1. Which option best describes you? *

  2. Are you a key decision maker in the business you represent? *