• Hi,

    I’ve been reading up on securing my WordPress installation and have a few questions:

    First:

    I followed a much-recommended idea of changing the database prefix from “wp-” to something else.

    I’m trying to find how to change the name of wp-login.php but cannot find how.

    So, questions:

    1) How can I change the name of wp-login.php so that I can access the admin area through “mysite.com/comein” for example (instead of “mysite.com/wp-admin” or “mysite.com/wp-login”)

    2) Will these (wp-login.php & the database prefix) be affected/changed back to standard on a WP update?

    ——————-

    Second:

    On http://digwp.com/2010/07/wordpress-security-lockdown/ they recommend 5 security plugins, namely:

    WP File Monitor
    WP Security Scan
    Ultimate Security Check
    Secure WordPress
    Block Bad Queries

    Question:
    Wouldn’t so many plugins for the same reason (security) conflict between each other?

    ——————-

    Hope that this question will evolve to help newbies understand a bit more on securing WP installations!

    cheers
    ska

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter eltioska

    (@eltioska)

    Part of question 2 above answered:

    2) Will these (wp-login.php & the database prefix) be affected/changed back to standard on a WP update?

    The database prefix is not affected on upgrading (I updated to version 3.0.2 today). Maybe this seems obvious to people who know coding & databases inside out but for people like me who’re still learning, it is helpful to state the obvious :o)

    Moderator t-p

    (@t-p)

    Thread Starter eltioska

    (@eltioska)

    @t-p Thanks, had already read it but read it again to check: there’s no mention of changing wp-login.php & whether it’s affected by an update. But it’s good to have it here in an attempt to make this thread more comprehensive 🙂

    Moderator t-p

    (@t-p)

    May not be exactly what you have in mind, but it does talk about:

    http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin

    Thread Starter eltioska

    (@eltioska)

    Yeah. What I’m looking for is actually a way to change the name of the wp-login.php file, to make access more obscure & unavailable to automated scripts that would look for a wp-login.php file to log in.

    Password-protecting the wp-admin folder is mentioned, which is a good step, but not the one I’m looking at.

    Moderator t-p

    (@t-p)

    What I’m looking for is actually a way to change the name of the wp-login.php file, to make access more obscure & unavailable to automated scripts that would look for a wp-login.php file to log in

    I don’t know how to do that.

    Perhaps this is not what you want, but here is what many people use – they restrict access to only specified IP(s). To do that, create .htaccess with the following code and place it in your wp-admin folder.

    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Access Control"
    AuthType Basic
    # no <Limit> wrapper, so the rules below apply to every request method, not only GET
    order deny,allow
    deny from all
    # whitelist home IP address
    allow from 00.00.00.00
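
An added example, not part of the original replies: the same IP restriction in Apache 2.2 and 2.4 syntax, extended to wp-login.php, which sits in the WordPress root and so is not covered by a .htaccess placed in wp-admin. The address 203.0.113.10 is a constructed placeholder, and the `<Limit GET>` form is shown commented out because it restricts only GET requests.

```apache
# Added example, not from the thread. 203.0.113.10 is a constructed
# documentation address; substitute your own static IP.

# --- File 1: wp-admin/.htaccess -------------------------------------
# Weak form: <Limit GET> applies the rules to GET only, so POST and
# other methods are not restricted.
#   <Limit GET>
#   Order deny,allow
#   Deny from all
#   Allow from 203.0.113.10
#   </Limit>

# Corrected form, Apache 2.2 syntax (covers all methods):
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
</IfModule>

# Corrected form, Apache 2.4 syntax (covers all methods):
<IfModule mod_authz_core.c>
    Require ip 203.0.113.10
</IfModule>

# --- File 2: .htaccess in the WordPress root ------------------------
# wp-login.php lives in the root, so File 1 does not cover it.
# Scope the rule to that one file so the rest of the site stays public.
<Files "wp-login.php">
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
    </IfModule>
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.10
    </IfModule>
</Files>
```

Both files take effect only if the server's AllowOverride setting permits these directives in .htaccess. Front-end features that call wp-admin/admin-ajax.php will be blocked for other visitors by File 1.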
  • The topic ‘Securing WP installation’ is closed to new replies.