WordPress.org

Forums

Securing WP installation (7 posts)

  1. eltioska
    Member
    Posted 4 years ago #

    Hi,

    I've been reading up on securing my WordPress installation and have a few questions:

    First:

    I followed a much-recommended idea of changing the database prefix from "wp-" to something else.

    I'm trying to find how to change the name of wp-login.php but cannot find how.

    So, questions:

    1) How can I change the name of wp-login.php so that I can access the admin area through "mysite.com/comein" for example (instead of "mysite.com/wp-admin" or "mysite.com/wp-login")

    2) Will these (wp-login.php & the database prefix) be affected/changed back to standard on a WP update?

    -------------------

    Second:

    On http://digwp.com/2010/07/wordpress-security-lockdown/ they recommend 5 security plugins, namely:

    WP File Monitor
    WP Security Scan
    Ultimate Security Check
    Secure WrodPress
    Block Bad Queries

    Question:
    Wouldn't so many plugins for the same reason (security) conflict between each other?

    -------------------

    Hope that this question will evolve to help newbies understand a bit more on securing WP installations!

    cheers
    ska

  2. eltioska
    Member
    Posted 4 years ago #

    Part of question 2 above answered:

    2) Will these (wp-login.php & the database prefix) be affected/changed back to standard on a WP update?

    The database prefix is not affected on upgrading (I updated to version 3.0.2 today). Maybe this seems obvious to people who know coding & databases inside out but for people like me who're still learning, it is helpful to state the obvious :o)

  3. Tara
    Volunteer Moderator
    Posted 4 years ago #

  4. eltioska
    Member
    Posted 4 years ago #

    @t-p Thanks, had already read it but read it again to check: there's no mentions of changing wp-login.php & whether it's affected by an update. But it's good to have it here in an attempt to make this thread more comprehensive :)

  5. Tara
    Volunteer Moderator
    Posted 4 years ago #

    May not be exactly what you have in mind, but it does talk about:

    http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin

  6. eltioska
    Member
    Posted 4 years ago #

    Yeah. What I'm looking for is actually a way to change the name of the wp-login.php file, to make access more obscure & unavailable to automated scripts that would look for a wp-login.php file to log in.

    Password-protecting the wp-admin folder is mentioned, which is a good step, but not the one I'm looking at.

  7. Tara
    Volunteer Moderator
    Posted 4 years ago #

    What I'm looking for is actually a way to change the name of the wp-login.php file, to make access more obscure & unavailable to automated scripts that would look for a wp-login.php file to log in

    I don't know how to do that.

    Perhaps this not what you want, but here is what many people use - they restrict access from only specified IP(s). To do that create .htaccess with the following code and place it in your wp-admin folder.

    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Access Control"
    AuthType Basic
    <LIMIT GET>
    order deny,allow
    deny from all
    # whitelist home IP address
    allow from 00.00.00.00
    </LIMIT>

Topic Closed

This topic has been closed to new replies.

About this Topic