Top 10 tips to protect WordPress admin area


WordPress sites have an admin page that provides the owner's control panel or interface. Protecting the admin area, where the owner logs in with his or her identity, is an important task. Numerous plugins are available for this purpose, and many other tips and tricks also exist. In this article, we discuss the top 10 tips to protect the WordPress admin area.

Login links

To use the admin panel in WordPress, the normal procedure is to go through a login URL, and hacks can happen when the passwords being used are the same. An easy alternative is a plugin called “Stealth Login”, which creates custom URLs. It provides a stealth mode that prevents users from accessing the admin area directly. The login URL can be made “cryptic”, which protects against break-in attempts on the admin area.

Login attempts

Departing from the usual kind of break-in, hackers could use a script to easily read your password. To counter this, the owner of a WordPress site can use a plugin called “Login Lockdown”. This plugin locks a user out of the admin area if they have entered incorrect login details more than a specified number of times. The plugin then locks the user out for a period of time.


The WordPress configuration file contains the access data and settings for the WordPress database. It needs to be set up properly to protect the admin console. The following settings should therefore be made:

  1. Security keys

WordPress has a built-in set of four security keys, which the user must define as strings. These must be set in the configuration file itself.

  2. Table prefix

The table prefix is a value set by the software at installation. It should not be left as the standard “wp_”; a cryptic prefix must be entered instead.

  3. SSL encryption

This protects the admin area by encryption. A line like the following can be added to the configuration file: define('FORCE_SSL_ADMIN', true);

  4. Similarly, other important configuration settings should be taken from the WordPress Codex and applied.
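As an added example (not from the original article), this Python sketch checks a configuration file for the three settings listed above: the four security keys, the table prefix and FORCE_SSL_ADMIN. The function name audit_wp_config, the 32-character minimum key length and the sample input are assumptions made for illustration; the placeholder phrase is the one shipped in WordPress's sample configuration file.

```python
import re

KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # text shipped in wp-config-sample.php
MIN_KEY_LEN = 32  # assumption for this example; generated keys are longer

# Match only live define() lines: lines starting with // or # are skipped.
DEFINE_RE = re.compile(
    r"""^\s*define\s*\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)""",
    re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]""", re.M)

def audit_wp_config(text):
    """Return a list of findings for keys, table prefix and FORCE_SSL_ADMIN."""
    defines = {}
    for name, single, double, bare in DEFINE_RE.findall(text):
        defines[name] = bare.lower() if bare else (single or double)
    findings = []
    for key in KEYS:
        value = defines.get(key)
        if value is None:
            findings.append(f"{key}: not defined")
        elif value == PLACEHOLDER or len(value) < MIN_KEY_LEN:
            findings.append(f"{key}: placeholder or too short")
    prefix = PREFIX_RE.search(text)
    if prefix is None:
        findings.append("table_prefix: not set")
    elif prefix.group(1) == "wp_":
        findings.append("table_prefix: still the default wp_")
    if defines.get("FORCE_SSL_ADMIN") != "true":
        findings.append("FORCE_SSL_ADMIN: not enabled")
    return findings

# Constructed sample input: an unhardened configuration file.
WEAK = """<?php
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'short');
// define('NONCE_KEY', 'commented out, so WordPress never sees it');
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    for finding in audit_wp_config(WEAK):
        print(finding)
```

The check is line-based, so a define() hidden inside a /* ... */ block comment would still be counted as live.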

IP address

The owner of a WordPress site can limit access to the admin panel so that only specific IP addresses can attempt access. This is done by creating an “.htaccess” file in the admin folder, which requires some configuration code to be effective. Once set, this technique is only effective for that IP address; to access the panel from another place, the new IP must be entered into the “.htaccess” file.
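A minimal “.htaccess” for the admin folder could look like the following. This is an added example, not from the original article; it assumes Apache 2.4 (older 2.2 servers use the Order/Deny/Allow directives instead), and the address shown is a documentation placeholder.

```apache
# wp-admin/.htaccess (Apache 2.4 syntax; constructed example)
# 203.0.113.10 is a documentation placeholder: replace it with your own address.
Require ip 203.0.113.10

# Front-end themes and plugins call admin-ajax.php, so leave it reachable.
<Files "admin-ajax.php">
    Require all granted
</Files>
```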

Stronger passwords

Passwords are the weakest link in admin area security. They are often not taken seriously as a means of authentication, and as a result many sites report hacks due to incorrect or reckless passwords. WordPress has a password strength indicator that shows the strength by colors.

SSL logins

When the admin login page is SSL encrypted, the session URLs show https://. Once the shared URLs are confirmed or an SSL certificate is authenticated, the code is added to the config file to secure SSL. Alternatively, the “AdminSSL” plugin forces SSL for all pages, which is highly effective and much better. This plugin works with version 2.7 only.


The username must not include the word “admin”. This word has been linked to and used in various hacks, and must not be used because it creates difficulty in assigning admin roles and functions. The username should be something that is not obvious. It is recommended that the admin user be deleted altogether so that a hacker is unable to hack or access it again.


It is essential to back up the WordPress site. This allows the site owner to be better prepared so that hacks or break-ins do not happen. Various backup resources are available in the form of plugins for WordPress.

Regular updates

Regularly updating the site to the latest versions available helps ensure that the site is protected from hacks. Scans and virus checks on the WordPress site must also be kept up to date.


A generic answer to hacks and break-in attempts is the use of antivirus software. It is a smart and easy solution, with protection readily available in the form of manual testing and daily automatic checks.


The admin area of a WordPress site can easily be protected by applying numerous plugins, updates and other tricks. In this article, we have discussed the top 10 tips to protect the admin area of a WordPress site. Readers of the article are invited to submit their comments and views.

Charu Garg is associated with WPIntegration, offering services like PSD to WordPress theme conversion, WordPress integration and other WordPress theme design services. (It is a specialized division of Ipraxa – a web design and development company.)