To prevent your WordPress website from the hacking attacks, it’s essential for you to limit the login attempts and even further secure your website by installing some anti-spambot solutions. When it comes to spam bots posting hundreds of comments to your website can be restricted by limiting their IP address.
In case, if they send comments from multiple IP addresses then you must change the coding in your wp-login.php file to restrict the unauthorized users from accessing it.
This tutorial clearly shows all the relevant information required to limit the IPs from accessing your wp-login.php file. To run this procedure, you need to have some coding idea and even beginners can give it a try if they really intend to make their website spam-free.
The procedure goes like you must access your core .htaccess file and place the below given piece of code at the top part of the .htaccess file.
Never forget to substitute the IP address of unauthorized users with your own IP address. If it’s not done properly, you may see some changes in the styling of wp-login.php.
Vital tips to protect your WordPress Admin Area from hackers:
Here are few key tips that can be implemented on your WordPress website to harden the security of your website.
Craft custom login links – you can utilize a plugin named Stealth Login to successfully create the custom links for users to login, logout, register and to even access the administration area if given rights by the site’s administrator.
Choose a strong password – intruders can easily break into your website if you set a common password. Instead, you can create a new password by making a good combination of special characters, numbers and alphabets which makes difficult for the hackers to break it.
Secure login pages – you must create a SSL certificate for your website or login page. It can be created by you or it can be directly acquired by reaching your web hosting provider. You can further use a plugin named Admin SSL which forcibly adds SSL to all your web pages.
Change username – you are suggested not to use ‘admin’ as your username, instead you can set a unique name as your WordPress username. The common usernames that most of the WordPress site users hold are quickly linked to the Brute Force Attack.
