Beginning in 2013 there were widespread attacks on WordPress login pages everywhere. The first step is to block all IP addresses except for whitelisted IPs for reaching the wp-login.php page. This has already been done for all OLI WordPress hosting clients, but if your host hasn’t done this yet, here’s how you can protect your login page using htaccess.
But the problem with whitelisting IPs is that your IP number can change… So here’s an additional step:
The Solution is to Change the login URL
We believe this is so important it should be a core feature to choose a unique login URL when installing WordPress. Otherwise the login URL remains open season for hack-bots.
- 1. Install the Plug-In called: Rename wp-login.php
(here’s how to install a WP plugin)
- 2. Go to the Plugin’s settings and choose your new login URL (address). Be sure to make it something unique, save and bookmark it for yourself but don’t share it online
- 3. That’s it! Your WordPress install is much more secure!