1. Don’t use ‘admin’ username
You have the option to change your admin username to whatever you like, and I encourage you to do so. Anybody who tries to get into your WordPress admin section will try ‘admin’ as the username. If you change it, a potential hacker has to crack both the username and the password. Another way of doing this is to create a new administrator user, log in as that user, and delete your “admin” user account.
If you are running an older version of WordPress (which I do not recommend), you can change the admin username directly in the database. Open phpMyAdmin and run this query:
UPDATE wp_users SET user_login = 'your_new_login' WHERE user_login = 'admin';
2. Install Login LockDown Plugin
A potential hacker will try to break your username/password combination with a brute-force or dictionary attack on your WordPress login screen. The Login LockDown plugin will prevent that.
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
You can download the Login LockDown plugin from here.
This will surely secure your website login in a much better way than before.
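The lockout rule described in this section, modelled as an added example (this is not the Login LockDown plugin's own code, which is PHP). It uses the defaults quoted above; treating an "IP range" as an IPv4 /24 and locking on the third failure are assumptions, and LoginLockout and replay are hypothetical names.

```python
import ipaddress
from collections import defaultdict, deque

MAX_FAILURES = 3            # page default: 3 failed attempts
WINDOW_SECONDS = 5 * 60     # page default: within 5 minutes
LOCKOUT_SECONDS = 60 * 60   # page default: 1 hour lockout

class LoginLockout:
    """Model of a failed-login lockout keyed on an IP range."""
    def __init__(self, prefix_len=24):
        self.prefix_len = prefix_len        # assumption: "IP range" = IPv4 /24
        self.failures = defaultdict(deque)  # range -> recent failure timestamps
        self.locked_until = {}              # range -> time the lock expires

    def _range(self, ip):
        return str(ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False))

    def is_locked(self, ip, now):
        until = self.locked_until.get(self._range(ip))
        return until is not None and now < until

    def record_failure(self, ip, now):
        """Store one failed login; return True if the range is locked."""
        if self.is_locked(ip, now):
            return True
        recent = self.failures[self._range(ip)]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:  # drop failures outside window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:          # assumption: lock on the 3rd
            self.locked_until[self._range(ip)] = now + LOCKOUT_SECONDS
            recent.clear()
            return True
        return False

    def release(self, ip):
        """Manual unlock, like an administrator releasing a range."""
        self.locked_until.pop(self._range(ip), None)
        self.failures.pop(self._range(ip), None)

def replay(events):
    """Replay (time, ip) failed logins; return the lock state after each."""
    guard = LoginLockout()
    return [guard.record_failure(ip, t) for t, ip in events]

# Constructed sample: failures from two addresses in one /24, then another range.
SAMPLE = [(0, "203.0.113.10"), (60, "203.0.113.77"), (120, "203.0.113.10"),
          (130, "198.51.100.5")]
print(replay(SAMPLE))
```

Because the counter is kept per range rather than per address, failures from neighbouring addresses add up, and a lock also blocks legitimate users who share that range until it expires or is released.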
3. Install Secure WordPress plugin
There are many places inside your WordPress site that tell a potential hacker the version of your WordPress installation, as well as other dangerous information.
Secure WordPress beefs up the security of your WordPress […]