Automatically redirect all users back to your homepage

Jun 3, 2015 12:12 GMT
WP Block Admin can help you prevent unauthorized access to your site's backend via a unique URL

Keeping your WordPress administration panel hidden from prying eyes is a must on today's Internet, which is full of hackers actively seeking out and mercilessly exploiting WordPress blogs.

WordPress' success has not only benefited Automattic's accountants and the open source community, but has also attracted the attention of hackers.

With such a large number of installs across servers everywhere on the planet, attackers have an abundance of targets to choose from.

For this reason, it is crucial to take the appropriate steps to keep our WordPress sites safe, and to help with this, the WordPress community has contributed lots of security-related plugins, tutorials, and tips.

Today we share one of our own tips that I, as the editor of this article, have used numerous times to prevent anyone except the original admin user (ID = 1) from accessing the WordPress administration panel.

The plugin's name is WP Admin Block

To prevent anyone from accessing the WordPress backend, we'll need a WordPress plugin called WP Admin Block, which is free and available through WP's plugins repository.

Step 1: To install it, go to the "Plugins → Add New" section in the WordPress backend.

Step 2: Type the plugin's name (WP Admin Block) to search for it, and press Install when the results appear.

Step 3: After activating the plugin, go to the Tools menu section and choose the WP Block option.

Step 4: Here, you'll be prompted to enter a secret key. Please enter something unique and easy to remember later on. Press "Save Changes" afterwards.

How does this plugin help keep my site safe?

That's it! You've successfully installed and configured the plugin. But what does it do? Here is where things get a little complicated.

WP Admin Block works by redirecting anyone who is accessing the administration panel and isn't the main site admin to the website's homepage.

This part is not complicated. The complicated part is that even if you're the site's main administrator, you won't be able to access the administration panel unless you use a "unique" URL.

This special link is in the form of: http://yourwebsite.com/wp-login.php?access=SECRET_KEY, where SECRET_KEY is what you've set up in Step 4.

This URL will be the central point of entry to your site's admin panel, and we recommend bookmarking it or writing it down somewhere.

The secret access key can be configured in the WordPress panel beforehand

Security-wise the plugin is exceptional, redirecting any snooping user back to the homepage and being an alternative solution when blocking brute-force attacks.

Sure, your site will still be bombarded with thousands of page requests for the admin panel, but no attacker will ever get to touch your login form. EVER!!!
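
One way to measure that traffic from the server side, as an added example that is not part of the original article or the plugin's code: it tallies wp-login.php requests in an access log by whether they carried no access key, a wrong one, or the right one. The log lines, IP addresses and the key correct-horse are constructed, and the script assumes combined log format.

```python
import hashlib
import hmac
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample in combined log format (documentation IP ranges, made-up key).
SAMPLE_LOG = """\
203.0.113.5 - - [03/Jun/2015:12:00:01 +0000] "GET /wp-login.php HTTP/1.1" 302 0
203.0.113.5 - - [03/Jun/2015:12:00:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.7 - - [03/Jun/2015:12:01:10 +0000] "GET /wp-login.php?access=admin HTTP/1.1" 302 0
198.51.100.7 - - [03/Jun/2015:12:01:11 +0000] "GET /wp-login.php?access=letmein HTTP/1.1" 302 0
192.0.2.10 - - [03/Jun/2015:12:05:00 +0000] "GET /wp-login.php?access=correct-horse HTTP/1.1" 200 2311
203.0.113.5 - - [03/Jun/2015:12:06:00 +0000] "GET /index.php HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')


def key_digest(key):
    """SHA-256 of the key, so the script can hold a digest instead of the key."""
    return hashlib.sha256(key.encode()).hexdigest()


def classify(log_text, expected_digest):
    """Count wp-login.php requests per client IP by the access key they sent."""
    stats = {"no_key": Counter(), "wrong_key": Counter(), "valid_key": Counter()}
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a request line in the expected format
        ip, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-login.php"):
            continue
        sent = parse_qs(url.query).get("access")
        if not sent:
            stats["no_key"][ip] += 1  # ordinary probing of the login page
        elif hmac.compare_digest(key_digest(sent[0]), expected_digest):
            stats["valid_key"][ip] += 1  # should only ever be the admin's address
        else:
            stats["wrong_key"][ip] += 1  # someone is guessing the key
    return stats


if __name__ == "__main__":
    for kind, per_ip in classify(SAMPLE_LOG, key_digest("correct-horse")).items():
        print(kind, dict(per_ip))
```

Because the key travels in the query string, the web server writes it to the access log in clear text, so the log deserves the same protection as the key itself.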

The "Oops... I locked myself out of my own site!" section

But in case you do manage to forget the URL or the secret key, don't despair: there's a way to get back into your admin panel.

Just connect to the website's host (server) via FTP, access the folder where WordPress is installed, then the /wp-content folder, the /plugins folder, and just delete or rename your /wp-admin-block folder.
