{"id":67,"date":"2018-04-24T05:42:37","date_gmt":"2018-04-24T05:42:37","guid":{"rendered":"http:\/\/td_uid_18_5adec3cdb0319"},"modified":"2018-05-29T08:35:00","modified_gmt":"2018-05-29T08:35:00","slug":"how-to-protect-wp-admin-on-your-wordpress-website","status":"publish","type":"post","link":"https:\/\/forumweb.hosting\/blog\/how-to-protect-wp-admin-on-your-wordpress-website\/","title":{"rendered":"How to protect  wp-admin on your WordPress website"},"content":{"rendered":"<p><strong>Login Lockdown<\/strong> (LL) plugin records the IP address and time each time a logon failure occurs. After a number of attempts, LL will temporarily lock the corresponding IP range for a period of time (also set by you in the Admin Dashboard), and the login function will be temporarily disabled for IP access. The corresponding IP range that the LL identifies.<\/p>\n<p>One of the good features in this plugin is &#8220;<strong>mask login errors<\/strong>&#8220;. When you enable this feature, it will hide notifications when someone else logs in as a &#8220;<strong>wrong username<\/strong>&#8221; or &#8220;<strong>wrong password<\/strong>&#8220;, which will more or less discourage the hacker from not knowing. The username or password is incorrect.<\/p>\n<p>It also provides email alerting if someone is trying to login to your website, which will help you quickly detect and implement measures to protect your website. With a log file the whole log information is also a useful reference for you.<\/p>\n<p><strong>Small tip<\/strong><br \/>\n1, After you install the login dialog box at the wp-admin will have the string &#8220;Login form protected by Login LockDown&#8221;, I think should not leave this line because it can be a thing for hackers exploit.<\/p>\n<p>To fix this, open the function.php file in the theme folder and insert the following line:<\/p>\n<blockquote class=\"td_quote_box td_box_left\"><p>\/\/ Remove Login LockDown advertisement from Dialog<br \/>\nremove_action (&#8216;login_form&#8217;, &#8216;ll_credit_link&#8217;);<\/p><\/blockquote>\n<p>2, As mentioned above, if someone logs in too many times, Login LockDown will lock the IP of that person and the message &#8220;ERROR: We&#8217;re sorry, but this IP range has been blocked due to too many recent &#8220;. This will cause the hacker to judge you have used the LL plugin, instead you should change this message to a familiar message when the wrong login &#8220;ERROR: Invalid username or password&#8221;. You can not fight off hacker attacks completely, but it will also reduce the damage if hackers only know little about your site.<\/p>\n<p>To fix this, open the function.php file in the theme folder and insert the following line:<\/p>\n<blockquote class=\"td_quote_box td_box_left\"><p>function login_error_mess () {<br \/>\nreturn\u00a0\u2019ERROR: Invalid username or password.\u2019;<br \/>\n}<br \/>\n\/\/Remove LoginLockDown\u2019s message about IP blocking<br \/>\nadd_filter(\u2018login_errors\u2019,\u00a0\u2019login_error_mess\u2019);<\/p><\/blockquote>\n<p>Also if you do not like to install the plugin then you can add the following to the .htaccess file:<\/p>\n<blockquote class=\"td_quote_box td_box_left\"><p>Order deny,allow<br \/>\nDeny from all<br \/>\nAllow from 192.168.1.1<\/p><\/blockquote>\n<p>This code will only allow machines with IP address <strong>Your_IP_address<\/strong> to access wp-admin.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Login Lockdown (LL) plugin records the IP address and time each time a logon failure occurs. After a number of attempts, LL will temporarily lock the corresponding IP range for a period of time (also set by you in the Admin Dashboard), and the login function will be temporarily disabled for IP access. The corresponding [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":499,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[17],"_links":{"self":[{"href":"https:\/\/forumweb.hosting\/blog\/wp-json\/wp\/v2\/posts\/67"}],"collection":[{"href":"https:\/\/forumweb.hosting\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forumweb.hosting\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forumweb.hosting\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forumweb.hosting\/blog\/wp-json\/wp\/v2\/comments?post=67"}],"version-history":[{"count":9,"href":"https:\/\/forumweb.hosting\/blog\/wp-json\/wp\/v2\/posts\/67\/revisions"}],"predecessor-version":[{"id":498,"href":"https:\/\/forumweb.hosting\/blog\/wp-json\/wp\/v2\/posts\/67\/revisions\/498"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forumweb.hosting\/blog\/wp-json\/wp\/v2\/media\/499"}],"wp:attachment":[{"href":"https:\/\/forumweb.hosting\/blog\/wp-json\/wp\/v2\/media?parent=67"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forumweb.hosting\/blog\/wp-json\/wp\/v2\/categories?post=67"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forumweb.hosting\/blog\/wp-json\/wp\/v2\/tags?post=67"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}