wordpress security

September 28, 2016 2.6k views
Apache CentOS

I've installed Wordpress a couple of servers following your best practice tutorials on here. I've got my sites running and now want to secure them. Specifically, I'm trying to hide the Wordpress Admin URL. However, I've tried all kinds of plugins and even modifying the .htaccess directly but nothing work. It hides the wp-admin page but won't redirect to new URL?

1 comment
5 Answers

Hiding the wp-admin is not generally something that is done to secure WordPress and wouldn't provide much in the way of protection but could likely break some plugins.

Some steps that are important to take would include ensuring protection against xmlrpc attacks and taking other initial steps with your server.

To the best of my knowledge, to successfully change the wp-admin URL would require the use of plugins designed for that purpose.

by Jon Schwenn
WordPress is a popular and powerful CMS (content management system) platform. Its popularity can bring unwanted attention in the form of malicious traffic specially targeted at a WordPress site. There are many instances where a server that has not been protected or optimized could experience issues or errors after receiving a small amount of malicious traffic. This guide will show you how to protect WordPress from XML-RPC attacks on an Ubuntu 14.04 system.

You can allow only your ip address to access on wp-admin. check this.

Change your basic username as well, for example instead of leaving it as admin you can use something like lord10 or boss99, etc.
You can as well use different plugins which can give you additional security measures, I use StopWrite as well, it blocks permissions to files and other people can't make any changes to them.
I used listed measures on two of my blogs flappybirdunblocked.us and happywheelsgeek.com and none of them got ever attacked again, before that I had to deal with viruses on monthly basis which is real headache.

Maybe it's not exactly the same topic but anyway if someone knows how can I change the URL of this page on WP - https://www.tankius.com/game/cat-ninja.html

rkmedia You are supposed to upload .htaccess file in your wp-admin folder and allow access only from your ip address. I use the same on my following websites tanktrouble3.club and impossiblequiz2.space

Have another answer? Share your knowledge.