As everyone knows, login page is one of the most vulnerable pages on websites, so to keep login page safe is very important for the success of online business. If someone tells you that there is an exclusive technique which can completely protect your login page, that person must be a liar you can’t trust. Currently, there is no one-step technique which can guarantee the safety of login pages solely, but we find out 5 practical methods that are specific to login page safety. Let’s see them one by one!
Use Weird Username & Strong Password
A technique known as brute forcing is one of the major ways of web attack, which is to attack passwords, trying as many potential passwords as possible until one works. If you just use easy to guess user name and password, when you encounter brute forcing, your site must be a poor victim.
Here, we list out top 10 frequently used passwords, including123456, password, 12345, 12345678, qwerty, 123456789, 1234, baseball, dragon, and football. These passwords are too simple to defend your site login pages against brute forcing.
Therefore, you need use complicate passwords and weird usernames to strengthen your login pages. For WordPress users, especially those new to WordPress, to make it, the first thing you should do is to change your default admin username into an extraordinary username by using Admin Renamer Extended.
As for passwords, you can easy-to-use password generator tools to enhance passwords. Secure Password Generator, LastPass, and Norton Password Generator are recommended. With security plugins, you can enforce strong passwords on all of your users. In case of forgetting passwords, KeePassword Safe and Dashlane password manager are both good tools to retrieve your passwords.
Hide Login Pageand Wp_Admin Page
The second method is to hide your login page and wp_admin page. Because if a hacker want to brute force your login page to get the access to your site, he or she has to find login page at first. If he or she cannot find the login page, the hacker cannot get the potential entry point to your site. That is, you cut the road to your site in front of hackers.
Beside, wp_admin page also need protection. But how? Here we take login.php page as an example to illustrate the details. Many people know that WordPress websites login entry point is at yourwebsite.com/login.php, but when you type webhostingsecretrevealed.net/login.php into the address bar. It doesn’t work! Why? It is because that the login entry is located on a different URL. Likewise, you can hide you wp_admin page by changing the access point on your website to somewhere else, namely changing the login page URL. It is easy to do with WPS Hide Login or Protect Your Admin.
Secure Socket Layer (SSL) is an extra layer of security which can make the information you receive and send between the server and browser unreadable. Even though hackers intercept your information, they cannot read it. So SSL is a good security, protecting your information.
SSL is often used for business portals to protect sensitive information like users’ personal information. Meanwhile, SSL can operate on login pages to make communication process between browsers and servers more secure.
If you need SSL certificate, you can buy it from your web hosting providers. To know which web host offers SSL, please visit WebHosting2Go to check out. After buying SSL, WP Force SSL and Really Simple SSL plugins can both help you setup SSL on your site.
Limit the Number of Login Attempts
To stop brute forcing on your login page, there is a simple technique. Brute forcing works by attempting to get right username and password by trying various combinations over and over again. When the IP address doing brute forcing is tracked, if you can block out it, you can keep your site secure.
Here, we recommend Login LockDown and Login Security Solution, which contain great solutions to protect your login pages, by tracking IP addresses and limiting the number of login attempts.
Two-factor authentication is also known as 2FA or 2-Step Verification. It is a technology providing identification of users by means of combination of 2 different components. Some physical objects, secret code, and physical characteristic of user are the authentication factors of two-factor authentication. When the combinations of 2 components are correct, the process you are operating can be carried out.
Google Authenticator is a plugin working with two-factor authentication via applications installed on mobile devices. It can generate a QR code that you can scan with mobile devices. When you want to log in your site, you need an authentication code generated on your mobile device. It is impossible that hackers can get your physical access to your mobile device, so your login page can be very secure.
We have introduced five methods including using weird usernames and strong passwords, hiding login pages and wp-admin directory, limiting login attempts, as well as using SSL and two-factor authentication on login pages.
However, as we said in the beginning, login page safety cannot be accomplished by any single or several techniques. You should notice that some web hosts mandate these security practices on users. It means you can use a security plugin such as Wordfence or iThemes Security, which also includes many login security features.