It is very difficult to get a comprehensive and easy-to-understand answer to the question "How do I secure my WordPress site?" WordPress is without doubt one of the biggest blogging platforms in the world today. Even though it is not a free platform, its professional feel is what makes it so popular, and that is why a lot of online business entrepreneurs use WordPress.
Being one of the most popular platforms, WordPress is targeted by hackers all the time. WordPress relies on PHP, MySQL, plugins and themes, and it is not hard to find a vulnerability in a poorly coded theme or plugin. At times, when WordPress rolls out a new version, we even see a security exploit. So before I share a few plugins to secure WordPress logins, let me clear up a few points about WordPress security. I'm also linking to some previous articles that will help you make your blog more secure:
- Don't use the default admin username, i.e. admin (Learn how to change the default WordPress username)
- Always use an updated version of WordPress
- Download plugins from the official WordPress plugin repo or from trusted developers.
- Never use a nulled or hacked WordPress theme
- Make sure your plugin and theme folders are not visible to the public.
Here are a few articles from the past that will help you harden your WordPress blog against hacking:
- Top WordPress Security plugins to Check hacked WordPress blog
- 7 Essential WordPress security tips
- 9 Steps to secure WordPress blog
Here at ShoutMeLoud, we have talked a lot about WordPress login security. When you are running a multi-author blog or a blog that accepts guest posts, you need to take extra steps to secure the WordPress login page. I'm sure most bloggers have heard of the Login Lockdown plugin or the Conditional Captcha plugin, which are easy ways to safeguard your WordPress login from brute-force attacks. Now, let's assume you have a blog with a single author (you) and you want to make sure that your login security is top notch. How would you do that?
How to use Login Dongle to Secure WordPress admin login?
No WordPress blog can be 100% secure: if a hacker is desperate to hack your blog, there is no way to stop them completely. Still, we can make it more secure with a few plugins, and one of them is Login Dongle. The WordPress plugin repository has almost 22k+ plugins, of which more than 1000 are related to security, of different kinds and for different purposes.
Back to the topic: Login Dongle is a plugin that takes a very unique approach to protecting your WordPress blog. It generates a bookmarklet with a secret question that you can add to your bookmarks. Let's check out how it works:
After installing the plugin, go to the plugin page under Settings, where you will see the screen shown above. Type the message that a person will see if he has your WordPress blog's username and password and tries to log in without pressing the bookmarklet that you'll drop into your browser's bookmarks. You can write any line here that you want a failed login (generally a hacker) to see. You can also add HTML links to your homepage or images in this box.
Next step: go to your WordPress blog's profile, where you will see the screen shown in the image below:
Now fill in the Challenge and Response fields with a question and its answer. For example, in the Challenge field you can write “What are You Doing Here?” and in the Response field you can write “logging into my Dashboard”, as shown in the image below:
Next, scroll down and click the Update Profile button. Open your WordPress blog's profile again, and below Challenge and Response you will see a new field, Generated Codes, with the following sub-options:
- Raw bookmarklet
- Encoded bookmarklet
- XML-RPC end point
You can choose any link from these options (I use the Encoded bookmarklet). Just drop the link into your browser's bookmarks. Now it's time to test whether it works: log out of your admin panel, try to log in again with your username and password, and click the Login button. You will not be able to log in, and you will see a new window with the message you typed in the very first step, which looks like this:
Now go to the wp-admin page of your WordPress blog again and enter your username and password as you always do, then click the link you dropped into your bookmarks. You will see a popup window saying "the page at ayushjain.info (imaginary) says", and below that the text you put in the Challenge box. Fill in the Response text and hit Enter. That's it: you'll be redirected to your Dashboard, and you have added an extra shield to your WordPress admin panel :)
2 More WordPress plugins to Secure WordPress login:
You can also use two other great plugins to secure the WordPress login page:
The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry. You may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on your Gmail or Google Apps account. The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.
The second plugin enables Duo Security’s two-factor authentication for WordPress logins. Duo provides simple two-factor authentication as a service via:
- Phone callback
- SMS-delivered one-time passcodes
- Duo mobile app to generate one-time passcodes
- Duo mobile app for smartphone push authentication
- Duo hardware token to generate one-time passcodes
These are a few of the options for adding an extra level of security to your WordPress login page. I find Login Dongle the best option for securing the WordPress login of a single-author blog. Depending on how you use your WordPress blog, you can pick any of the login security plugins mentioned above to make your blog secure from hackers.
Do let me know which WordPress login security plugin you are using on your blog. Also, if you find this article useful, don’t forget to share it on Facebook and Google Plus.
This is a guest article by Ayush Jain from AyushJain.Info. If you would like to write for ShoutMeLoud, check our guest submission guidelines.