We will explain how to increase the security of the WordPress login screen in order of importance.

Make your password complex

The most important thing to do to prevent unauthorized logins on the WordPress login screen is to make the password for administrator privileges complex.
Hackers use a dictionary of commonly used passwords and programmatically repeat one login enforcement after another to try to log in with administrator privileges. It is also dangerous to use the same or similar user ID and password. It is also possible to programmatically retrieve the WordPress user ID and then try the password itself, or add a number such as 01 to it and try one after the other.

A complex password is one that meets the following criteria

A meaningless string of characters.
At least one alphanumeric character, one uppercase letter, one lowercase letter, and one symbol.
At least 12 characters

↓Such a password would theoretically take more than 80,000 years to break in a brute force attack!

From a password strength testing tool

Attach a capture to the login screen


Adding a capture to the login screen can dramatically reduce the probability that a program will automatically break the password.
If there is a capture on the login screen, the program must solve the capture while still performing brute force login enforcement, and few hackers currently use such sophisticated programs.

Changing the URL of the login screen

Changing the URL of the login screen using a security plug-in or other means also increases the security of the login screen.
Hackers must first examine the URL of the login screen before they can run a login-breaking program on a site with a changed login URL, and in most cases changing the URL will not expose the login URL to hackers.

Countermeasure for XMLRPC.php

WordPress has a mechanism called XMLRPC that allows posts to be added without using the WordPress admin page.

However, the login ID and password are sent to this XMLRPC, and if the submission is not successful, it means that the password is different.

Therefore, it is necessary to take countermeasures such as disabling the XMLRPC function or using security plug-ins to detect and block excessive access to XMLRPC.

In any case, the basis for increasing the security of the login screen is password complexity. It is important to change passwords to ones that cannot be broken even by brute force attacks.

Related Posts:

  1. wordpress Strengthen the security of your wordpress login.
    Take action before you become a victim of site defacement due to WordPress login privilege seizure. What if a login vulnerability allows hackers to seize administrative privileges? The most noticeable change is that the number of WordPress users increases without your permission, which means that hackers have taken over the administrative privileges of your site. By creating users, hackers can...
  2. WordPress Top 5 Security-Risky Operations Ranking
    WordPress hacking has become more and more common since WordPress has been used by many sites around the world. Here we would like to explain in ranking order the most operationally dangerous activities that are most likely to be targeted by hackers. No. 5 – Access to the login screen and xmlrpc.php as many times as you want Hackers can...
  3. Log-in-related security measures alone are not enough to prevent WordPress hacking
    We understand that many sites have installed various security plug-ins to prevent WordPress hacking, but some plug-ins are specialized for the login screen only. These plug-ins do not provide much protection against WordPress hacking. We will explain why....
  4. If I put a security plugin in wordpress, can it be hacked tampered with?
    We know that many WordPress sites have security plug-ins. We will consider how much the possibility of your site being hacked is reduced by installing this security plugin....
  5. What is phishing and what is a fake Google login screen on a WordPress site?
    This section describes phishing that displays a fake Google login screen on a WordPress site....
  6. What security experts recommend in the WordPress security plugin
    There are many security plugins released for WordPress. The following is a list of features that you should have when selecting a security plugin....