To access the wp-admin directory (e.g. my Admin Dashboard) I have to login using my administrator username and my strong password. So, my admin directory is already protected. But I might want additional layers of security to better protect the WP admin directory from hackers. There are several ways to do this, and I can implement as many as I want. I should aim for a reasonable balance between convenience and security – each additional security layer will make it less convenient for me to login. In rough order of inconvenience, least to most:
- Use a Cloudflare page rule to keep bad bots away. I could use Google reCaptcha instead, but that would move the processing load from Cloudflare to my site’s server.
- Obfuscate the login URL using a plugin like WPS Hide Login.
- Limit login attempts using a plugin like Limit Login Attempts Reloaded.
- Two-factor authentication using a plugin like Google Authenticator.
- Add a second user name and password. I can do this most easily using my hosting control panel. There is also a manual method using .htaccess along with a .htpassword file.
Limiting login attempts is pretty much the only one of the above that most everyone seems to agree is a best practice. The others have their fans and detractors. I’m a fan of the first three.
