To access the wp-admin directory (e.g. my Admin Dashboard) I have to login using my administrator username and my strong password. So, my admin directory is already protected. But I might want additional layers of security to better protect the WP admin directory from hackers. There are several ways to do this, and I can implement as many as I want. I should aim for a reasonable balance between convenience and security – each additional security layer will make it less convenient for me to login. In rough order of inconvenience, least to most:
- Use a CloudFlare page rule to keep bad bots away. I could use Google reCaptcha instead, but that would move the processing load from CloudFlare to my site’s server.
- Obfuscate the login URL using a plugin like WPS Hide Login.
- Limit login attempts using a plugin like Limit Login Attempts Reloaded.
- Two-factor authentication using a plugin like Google Authenticator.
- Add a second user name and password. I can do this most easily using my hosting control panel. There is also a manual method using .htaccess along with a .htpassword file.
Limiting login attempts is pretty much the only one of the above that most everyone seems to agree is a best practice. The others have their fans and detractors. I’m a fan of the first three.
WPPOV supports freedom from Net Neutrality and the GDPR. The Internet of the people, by the people, for the people, shall not perish from the Earth.