Every day on Internet thousands of websites hacked by hackers because of less security. Especially WordPress websites getting hacked every day because it has huge popularity throughout the world. So automatically hackers try to hack WordPress blogs and websites. Here problem comes from with WordPress default admin URL because most of the bloggers and website owners use the default URL which comes after installation of WordPress on database. WordPress already said about this and they recommended changing the default username “admin” to other username. But these precautions don’t stop your website getting hacked from hackers.
So what to do? Here we come up with another approach which increases your WordPress blog/website security 10 times better than before.
How to Install and Configure Lockdown WP Admin Plug-in?
Here is the basic information about how to install and setup Lockdown WP Admin plug-in on WordPress blogs/websites.
- First Login to your WordPress admin dashboard by entering username and password.
- To get perfect results with this plug-in your site must have permalinks.
- Now just navigate to plugins from the sidebar menu and click on Add new option to install new plug-in.
- Type Lockdown WP Admin in the search box and click on Search button to get search results. Click on Install Now Button to install it on your WordPress blog.
- Once the installation process complete, click on Activate Plug-in to activate Lockdown WP Admin plug-in.
- Now Launch Lockdown WP Admin from the sidebar by clicking on Lockdown WP and select Lockdown WP.
- First of all you need to select the box “Yes, please hide WP Admin from the user” and change the admin URL from WordPress login URL section with any name which is not easy to guess by any one.
- In HTTP Authentication leave the field same that means keep “Disable HTTP Auth” as the default option and click on “save options” to save all these settings.
- If you use HTTP Authentication then you need to create secondary WordPress Admin .htaccess password. This secondary password will be useful even if someone guess your secret admin URL too. If you use WordPress Login Credentials then you need to enter primary username and password to gain access secondary username and password.
- Alternatively you can also use “Private Usernames/Passwords “ to set secondary username and passwords from Lockdown WP>Private Users Section.
- To check whether it’s working or not, just logout from the WordPress dashboard. Now enter old WordPress admin URL and you’ll see 404 not found error page. Now on wards you need to use WordPress secret admin URL to login into WordPress dashboard.
Remove WordPress Meta Widget to Stop Exposing Secret Login Url:
Actually professional bloggers doesn’t keep this meta widget on their blogs but if any case you forgot to remove this widget then follow the below steps and remove Meta Widget.
1. Click on Apperance and select Widgets from the menu.Now you will see all activated and deactivated widgets at one place.
2. In Primary Sidebar you’ll have all active widgets,click on Meta widget and delete from the list.
You can check the below screenshot which exposes the secret admin url before removing meta widget.
There is another method to remove meta widget from wp files but all files are restored again if you update your WordPress dashboard.
Now no one can hack your website by accessing WordPress default admin URL.If you have any doubts while installing this process please leave a comment below.
This post was last modified on June 27, 2019 1:08 am