Website Speed Test: Best Free Web Speed Tools To Test Your Website Page Speed
Learn how to run a website speed test, understand results like load time and TTFB, and discover top free tools to improve your site’s performance.
7 minutes
6 Jul
How Can You Secure Your WordPress Login Security?
November 14, 2021
6 minutes
Before we delve into this article, we want you to know that we mean no disrespect to WordPress. WordPress is arguably the best CMS (Content Management System) in the world. It is easy to set up and the most customizable among the rest. That is why we, Digital Treasury, centre most of our web development on the platform.
Nevertheless, we can't argue against WP's predictability – especially on the login page. You don't have to be an expert to know that every WordPress website uses either "/wp-admin.com” or “/wp-login.php" as their login. However, there’s a catch to that.
Your data isn’t safe! How so?
Well, hackers could easily access your login page because they already know the suffixes. And when they add that to your URL, it wouldn't matter if you used alphanumeric plus mixed case letters as passwords. Your credentials and data will be at the mercy of "vicious" bots.
So yes, WordPress' login page isn't safe. Does that mean your entire business might be susceptible to online attacks? Should you migrate from WP? No!
We have several ways to secure WP login pages. In this article, we’ll be sharing them all with you.
5 Different Ways You Can Secure Your WordPress Login Page
Note: By now, we believe that you have installed SSL (Secure Sockets Layer) certificates on your WP site and have used “strong” passwords. If not, you should address those issues! Lastly, before you follow the steps we’ve listed below, ensure you first back up your website.
Create Custom Login Page URL
The simplest way to stop hackers from accessing your WP login page is to change it. But is that even possible? Wouldn’t such a change affect your data?
Yes, it is possible to have a custom login URL with no “admin” or “login” suffix. And no, such a custom URL won’t affect the content of your website.
That said, how can you create a custom URL for your WP login page?
- You only need a plugin to start. However, there are tons of them, and they are all easy to use. But if you ask us, we will tell you to use the WPS Hide Login plugin – its interface is beginner-friendly!
- Now, install the plugin.
Note: We’re using the WPS Hide Login plugin as an example to explain the steps below.
- Scroll to the bottom page of the plugin screen. There, you’d find the “login URL section.” Hit that, insert your new URL and save it.
- Next, try logging into your WP site with the new URL.
Last note: Carefully select who can access your new login URL. And, if any of your team members leave your company, remember to change the URL.
Suggested reading: Top 7 WordPress SEO Plugins To Boost Your Rankings
Hide Username
Even after using a custom login URL, take a step further by protecting your data – hide the username of the registered users on your WP site. Now, you might ask, what does it matter?
Usernames are often displayed on WP sites on blog posts under the author space - and even in the archives. While that might seem harmless, a hacker could turn just that little detail against you. So, before that happens, hide the usernames. How can you do that?
- You will use another plugin for this task. We recommend the popular Yoast SEO – the chances are that you already use it for your SEO.
Note: If you don’t have Yoast, you can use any SEO plugin to hide your username.
- So, go to your Yoast, click on “search appearance,” and disable author archives.
- Next, go to the "users" section, click on "nickname" under the subsection "profile." Now, create a new one.
Nicknames are harmless since hackers can't use them to login into your site: you shouldn't hide those – especially when you have user-generated content!
Also read: How Can You Add User Generated Content To Your WordPress Site?
Reduce The Number Of Login Attempts
You might ask, what if a hacker somehow unearths a username despite your hiding efforts? Well, he still has to enter a password. Now, by default, the hacker would try various combinations until he hit the perfect match. Well, you can cut him short in his tracks. How?
Change WP’s unlimited login attempts to a max of 3. Here is how to do that:
- Again, you will need a plugin for this task - we recommend the WPS Limit Login!
- Install the plugin, then click on the settings and locate "local app." Once you are there, you can set a preferred number of login attempts. More importantly, you'll be able to decide how long a user will stay locked before they can try another sign-in. Ultimately, that would chase off any intruder!
So, what next?
Adopt Two-factor Authentication
Say a hacker was able to guess your WP username and password - what then? In that case, it is time to introduce two-factor authentication. It is a service that sends a code to a registered number when there's any login attempt on your WP site.
With two-factor authentication, no one can assess your site without access to the phone of a registered user. At last, eureka – a method that bots and guestimates can't crack!
That said, how can you add two-factor authentication to your WP site?
- Like the previous methods, you will also need a plugin here. From our end, we’ll recommend MiniOrange’s Google Authenticator!
- So, install the plugin. As soon as you do, you'll see a widget. On it, select the "Google Authenticator" option.
- Now, download the “Google Authenticator” on your phone. Open the app and click on the option to scan QR codes.
- After scanning the QR code, the app will generate a code on your phone. Enter that code on the widget on your WP login page. Voila, your two-factor authentication security layer is now active!
Set Auto Logout
The last step to secure your WP login page is to ensure that you don’t leave cookies behind for hackers. As soon as you’re done with work, log out of the site. But what about when you forget to sign out? Ordinarily, WP will do the needful after two days.
Note: If a user clicks the "remember me" box, it'll take two weeks for an auto sign-out. Unfortunately, that's too long and harmful for your data; you should set your auto logouts! Here is how to do that:
- Download the plugin called “Inactive Logout,” install it, and click on “settings.”
- Search for the “inactive logout” section, then click on “basic management” to set a custom timer for idle timeouts.
And that’s it: how to secure your WP login security!
We hope you find the tips helpful. If you need further help, you only need to contact us.
Articles
Latest blogs &
articles
Who is Digital Treasury?
We're a Melbourne-based digital agency with extensive experience helping Australian businesses build stronger online presences. Our team specialises in web design, development, hosting and SEO services - everything you need to get found online and convert visitors into customers.
Over the years, we've worked across different platforms and industries, giving us the insight to know what actually works for businesses like yours. Whether you're starting from scratch or looking to improve your existing website, we focus on practical solutions that deliver real results for your business.
What types of businesses and industries do you work with?
We work with a wide range of Australian businesses, with particular expertise in healthcare, B2B services, SaaS companies, Registered Training Organisations (RTOs), professional services and e-commerce brands. Our team offers tailored SEO and web solutions that are customised to fit your industry, target audience and business goals.
Where is Digital Treasury located and do you work with businesses Australia-wide?
We are based in Melbourne but we work with clients throughout Australia. Our work is mostly done remotely by video conferencing and emails, which makes collaboration easier regardless of where your business may be based.
What services does Digital Treasury offer?
Our key services include Search Engine Optimisation (SEO), Website Design, Website Development, Website Maintenance and Website Hosting. They are provided either separately or combined, ensuring that we provide you with one reliable source to help establish your online presence for your business.
How do I get started with Digital Treasury?
Getting started is easy. Just contact us for an initial conversation about what you want, your budget and timeframe. We will talk to you about what you need, give advice about the best way forward and provide you with a detailed, upfront proposal.
What makes Digital Treasury different from other agencies?
We integrate our technical skills with honest communication and a strong emphasis on results that will benefit your company. Being a small team allows us to give you personal attention, upfront costs and all the support we would give to our own project.
Do you work with small businesses and startups?
Absolutely. Many of our clients are small businesses and startups looking to establish or improve their online presence. We will make suggestions based on your particular situation and budget needs, providing useful services at affordable prices.
How do you communicate with clients and report on progress?
We are convinced that clear communication should be maintained consistently during any of our projects. In accordance with the chosen service, you will be updated about your project through emails, meetings and detailed reports. We maintain constant contact with you, answering your queries along the way.
How does Digital Treasury structure its pricing?
We keep our pricing straightforward by providing a complete project quote rather than breaking it down into confusing line items. This approach gives you a clear understanding of exactly what you'll pay for the entire scope of work.
Every project is different, so costs depend on your specific requirements and the complexity involved. We'll assess your needs and provide transparent pricing that reflects the full value of what we'll deliver for your business.
Am I locked into a long-term contract?
We believe in earning your trust through quality work rather than tying you down with restrictive contracts. For specific projects like website builds, we'll provide you with a clear upfront quote so you know exactly what to expect.
Our ongoing services like website hosting, maintenance and search engine optimisation work a bit differently - we discuss these on a flexible arrangement basis that suits your business needs and budget.
Can you provide case studies or examples of previous work?
Yes, we can provide case studies and examples of our previous work. Potential clients frequently request these to see concrete evidence of our past successes. They want to understand how we’ve helped similar businesses achieve their goals through SEO and website development. Our case studies typically highlight our clients’ challenges, the strategies we implemented, and the measurable results we achieved, such as increased traffic and higher conversion rates. This builds trust and demonstrates our ability to deliver on our promises.
What types of SEO services do you offer?
We offer a comprehensive range of SEO services designed to boost your online visibility. Our core services include technical SEO fixes, on-page and content optimisation, local SEO for Melbourne businesses, thorough keyword research, detailed SEO audits, strategic link building, and ongoing performance tracking.
Can you guarantee first-page or number-one rankings?
No reputable SEO agency can guarantee specific rankings because search engines like Google use complex algorithms that change frequently. These changes are completely outside anyone's control. What we can promise is our commitment to using proven, white-hat strategies that give your website the best possible chance of ranking well.
Rather than making unrealistic promises, we focus on sustainable SEO practices that build long-term visibility and drive genuine business results. Our approach is about maximising your opportunities for success, not making guarantees that simply can't be kept.
Do you offer local SEO for businesses targeting specific areas?
Yes. Local SEO ensures that your business is found in location-specific search results and map results, making it perfect if you offer your products or services within specific suburbs or locations. We ensure that we optimise your Google Business Profile and your website content for local search.
Do you help with content optimisation?
Yes. Quality and relevant content plays a very important role in effective SEO optimisation. We can optimise your current webpages as well as provide you with some suggestions for creating content based on your keywords.
How much does SEO cost?
Pricing for SEO is determined based on your specific business goals, how competitive your industry is and the amount of work needed to achieve results. We will customise pricing plans depending on budgets while giving you a definite quote right from the start.
How do you decide which keywords to target?
We do extensive keyword research to know how your prospective clients search for information on the internet. After analysis of various parameters like search intent, relevancy, competition and commercial value, we shortlist keywords that resonate well with your products and services.
Do I need to change my website's content for SEO?
Yes, quite often. We recommend refreshing existing content frequently or creating new pieces that better match what your potential customers are actually searching for online. Of course, changes should be carefully implemented with regard to your company’s tone of voice.
What is the contract length for your SEO service?
We ensure that our SEO agreement remains flexible as opposed to being committed to long-term contracts. Even though SEO is most effective when conducted on a continuous basis, we do not mind discussing agreements that work for your benefit.
Is it necessary to hire an SEO agency or can I do SEO myself?
You can surely do basic SEO on your own and we are happy to point you in the right direction. However, SEO is very time-consuming and keeps changing frequently. Hiring an experienced SEO agency will ensure that you get more out of it without having to think about it anymore.
How does backlink building contribute to SEO success?
Backlinks are simply links to your website from another website. Search engines consider backlinks as an indication of credibility and authority. Our approach is to build links to your site through ethical and sustainable methods, building up the reputation of your website in the process.
What does your website design process look like?
We start by understanding your business goals and target audience to ensure your website truly connects with your customers. From there, we develop a web design strategy and create initial designs that we refine based on your feedback. Once you approve the designs, we go ahead to the development phase.
When should I consider redesigning my website?
A redesign is worth considering if your site looks outdated, performs poorly on mobile, loads slowly, is difficult to update or no longer reflects your brand. A modern, well-built website can improve user experience, credibility and your ability to attract customers.
Which CMS platforms do you build websites on?
We specialise in Webflow and WordPress, selecting the most suitable platform for you. WordPress allows for versatility, whereas Webflow gives you a sleek design with easy maintenance. We will suggest the most appropriate choice for you.
Do you provide SEO with your website builds?
Yes. All our websites are developed using SEO guidelines like a clean layout, quick loading speed, mobile optimisation and solid on-page foundation. In addition to that, we have professional SEO service packages that help businesses increase their online presence.
Do you offer ongoing website maintenance?
Yes. We offer website maintenance services to ensure that your website is safe, up-to-date and working properly. This encompasses software and plug-in upgrades, security protection, backups and basic changes to give you a hassle-free experience so that you can concentrate on your business.
Can I migrate my existing site to your hosting?
Yes, we can absolutely handle the complete website transfer to our managed hosting platform without any hassle on your end. Our team manages the entire migration process, ensuring your site moves across smoothly without downtime or disruption to your business.
Can we provide feedback throughout the process?
Absolutely and we actually encourage it. Collaboration is at the heart of how we work, so you'll have plenty of opportunities to review our progress and share your thoughts at every stage. It ensures we're building exactly what you have in mind, rather than guessing what might work.
Will I own my website once it's built?
Yes. After completion of your project, the website will be yours. We believe in absolute transparency when it comes to issues of ownership and accessibility and would gladly take care of your requirements in this respect.
How long does it take to build a website?
The timeline for your website project really depends on what you're looking to achieve. A straightforward business website typically takes a few weeks from start to finish, while more complex builds with custom functionality or extensive content requirements will naturally take longer.
We'll give you a clear timeline estimate once we understand your specific needs during our initial consultation. This way, you'll know exactly what to expect and can plan your launch accordingly.
What kind of support do you provide after my website launches?
We don't go away once we've launched. We provide continuing support, maintenance and hosting to ensure that your website runs at optimum capacity. If you have any queries about how to develop your website, we will be there for you.
