For the administrators of blogs WordPress type a real risk in the security of the same exists, since this platform comes being quite vulnerable to attacks of injection SQL or Ddos (refusal on watch).
We do not have to return to us paranoiac with the security installing tens from plugins that the only thing that does is to consume resources, the best thing always is to have backup of endorsement of files and data base, although if that is recommendable to spend some moments at least to hide the access to the administration panel.
The directory wp-admin of wordpress is the access door to the administration panel, and by defect to enter him we only must direct us to the URL of our Blog of the following way: http://nombredominioblogwordpress/wp-admin.
In order to avoid brute force attacks and Ddos attacks refusal on watch, it is recommended to hide whenever we can this directory. For it several methods exist, is plugins that does it of automatic form, but in my case whenever I can attempt make the things of form manual to avoid that an excess of use of plugins installed in my wordpress brings about a collapse that is reflected in the operation of the same.
As hiding wp-admin of WordPress
- We unload in the premises all our WordPress directory
- We load in the text editor all the files with extension: php, css, js and SQL
For it we can open the window of the explorer and look for by: *.php, *.css, *.js, *.sql and we dragged all the text editor (in my case I use notepad++).
When we have all the files loaded in the publisher we only must look for within them the chains with text wp-admin and wp-login and modify them by the name that we want to use for the new directories of access, for example nuevoadmin and nuevologin.
- Next we will look for in the names of all the files and directories the chain wp-admin and wp-login and replaced only the part of the name where he puts wp-admin or wp-login by nuevoadmin and nuevologin, the rest we left it so what.
- In order to finalize we raised to all the files the servant and sobrescribimos, and now to enter as admin in the Control Panel we must enter of the following way: http://nombrededominiodemiblog/personalizado-admin
If its nucleus of wordpress is updated are careful with these changes, because if theme wordpress this formed as theme child the files in him does not modify, but the rest of files of conf of WordPress that are outside theme and which we have modified will be replaced by the new ones of update, and so we will have to again conduct the operation (even so personally it leaves to me more against the account to return to lose 2 minutes every two months that to have plugin installed that consumes resources continuously to me).
If you decide that you do not want to touch the files of Core de WordPress, either from fear or by laziness, it exists several alternatives in the form of plugins as for example Lockdown WP, of easy configuration and that it does the same exactly.
The one third most professional and perhaps acceptable alternative and is to create your own function, but for this perhaps we will need a little more knowledge.
I hope that this article serves to you as help,
By scar Carrillo