WordPress’ default login URL is /wp-login.php (or you can just type in /wp-admin/ and it’ll redirect you there if not yet logged in). For example: http://www.example.com/wp-login.php. You may think to yourself, “OK. So what! Who cares?”
There are 3 reasons you should care, and all of them are big ones:
- WordPress is the most widely utilized website and blog development software. By default, the install creates a user login page for site administration. By looking at your source code I can tell you are using WordPress, and so can any hacker. You can look at the page’s source and see things like /wp-content/themes/style.css or /wp-content/plugins/…, etc. Once I know your site is a WP site, I know your login URL is /wp-login.php.
- So now I know your login URL. If I take a look at your posts I can get a user name from the content creator tag. If that user is an admin, BINGO – I have a login name. By default WordPress creates one with the username – admin. I’ll try that first. As for your password, any brute-force script found everywhere on the internet will suffice. Just let it run. Now it’s a matter of guessing your password. Even if you don’t have an “admin” username and you have a strong password (and preferably use a password manager to log in so your keyboard’s keystrokes aren’t being logged), the hackers are not aware of this, so they’ll just keep trying forever and ever, wasting your server’s resources and possibly taking down your site.
- (P.S. I hope you’re logging in with HTTPS so your password isn’t sent “in the clear” when logging in.) SSL certificates are available from $36.00 and change a year from COMODO. Many web host providers give you one for free with your hosting package. An SSL certificate helps to protect sensitive information such as logins, passwords, account details and cardholder information for e-commerce websites during Internet communication. Basically, the Internet is a chain of computers, and every computer which takes part in data transfer from source to destination can read and recognize unencrypted information. The main idea is that all information is encrypted before being submitted, and only the web server and website visitor have the keys to decrypt and recognize it. Encryption prevents eavesdropping on and tampering with information by hackers and identity thieves.
Did any of that sound like fun? I bet not, but it’s important stuff. At the least, I hope I’ve scared you into reading the rest of this how-to post because the solution is quick, easy, and painless, and anyone who can install and activate a plugin can do it.
Tips and Tricks All In One WordPress Security and Firewall Plugin
The All In One WordPress Security and Firewall is the ultimate security plugin that will take your WordPress site’s security to a whole new level. This security plugin offers the latest recommended WordPress security practices and techniques as easy-to-use features. It is designed and written by experts with the user in mind. You don’t have to learn complex .htaccess rules to apply good firewall rules to your site anymore.
Therefore it is very important to add some extra security and firewall to your site by using a plugin such as this one which enforces many crucial security practices on your site. All In One WP Security and Firewall also uses an unprecedented security points grading system to measure how well you are protecting your site based on the security features you have activated. The security and firewall features are categorized as “Basic”, “Intermediate” or “Advanced”. This allows you to safely enable a group of security features without breaking functionality of your site as soon as you activate the plugin.
The dashboard will also highlight the most important features which you should apply to your site to achieve a minimal acceptable level of security. These are displayed in a panel which also shows whether they are currently active or not. Use extreme caution when implementing some of the advanced settings. If you aren’t sure, google what you are considering and find out first and foremost. Other than that, this plugin is an excellent and effective way to secure your website investment.