Securing your WordPress admin page.

[December 05, 2020, UPDATE NOTICE]

This solution below works for me on both of my Shared Webhosting Environment (on both Direct Admin/Cpanel). I also installed new wordpress on my VPS machine and everything works fine. I used CLOUDFLARE for my SSL to make the website secure. However, I read reports that this method don’t works on some websites. I don’t know how or what they did that made their website offline after following this. Therefore to avoid any errors that you might encounter. Please consider not to follow the instructions below. Thanks and I apologize to those who followed this and encounters more errors in their website the reason might be the hosting environment and your setup.

How long have you been using WordPress if I may? Do you have experiences of your website being attack or hacked?
It is a scary experience having your WordPress website hacked. You might lose audiences and the worst being a laughing stock for a while.

The most critical section of WordPress is the administration page.
It is a must to keep it secure all the time.

There are few things to remember to keep or increase your WordPress based website secure. Go ahead and read on.

  1. Keep your WordPress version up to date.
    • Make sure you watch for the latest update especially major once. Major patches improve protection, increase performance, and fixed the possible vulnerability.
  2. Keep your plugin up to date and remove unused ones.
    • Most of the common exploits that are often reported are due to the vulnerability of installed plugins. Be extra careful with your plugins as much as possible use a few essential ones for better performance.
  3. Backup your data daily
    • If you have control over your WordPress files and database make sure you have daily backups especially if your website frequently changes or adding new articles.

Those are a few key reminders that will keep your WordPress website safe. Wait, there is more to that. This last tip is kind of complicated to set up and requires some admin skills. If you need help in setting this up, drop me an email. I’m okay with a few cups of coffee. Carry on reading on how to do it.

I’m sure your heard of VPN right? You can actually use VPN to further increase protection of your admin page.

You need .htaccess help too to make this possible. Please note that this only works on apache, openlitespeed, and litespeed or some other website that read .htaccess files. 

Create an .htaccess file under your /wp-admin/ directory.

order deny,allow
deny from all
allow from xxx.234.xx.56

Please note that the xxx.234.xx.56 block must be your VPN IP address.
After writing the script into the file, try opening your admin dashboard by going to /wp-admin/ if you open it, you should see this kind of error.

If you see the error page, it means that everything went well. Now, try connecting to your VPN. After you log in to your account, try reloading the page. You should now be able to access your dashboard like before.

Tip: Make sure that your VPN has a static IP address, or else you won’t be able to log in if the IP changes.

If you need help setting this up don’t hesitate to contact me on email adress found on our contact as page.