The safest approach is to protect his block unauthorized use of a log. Htpasswd authentication.
The default login page of WordPress is not safe, because hackers have programs, wahrlos try the passwords. If then the login name is known, because at the WordPress name of the author is among the most blog posts, you should attach importance to safety.
In any case, the error messages are automatically switched off when the wrong password or login incorrect, what dangerous clues. For it must be entered following code in the functions.php:
add_filter( 'login_errors', create_function('$a', "return null;"));
I recommend a .htpasswd Protection for the /wp-admin/ – Directory create.
The .htaccess File is also in the Root – Directory, For example,:
The required root path can be determined following dimensions:
In the. Passwd login and password come in the form gehachter. The best htpasswd Generator for use and record the data in advance.
The read access should be based on 0444 be set for these two files, so you can not be overwritten or deleted.
Another useful feature is the read access to critical files and all php files in the limit “Head” .htaccess:
deny from all
This is particularly important, to hacker bots off to during, proceed the following mass:
Search in the Web pages for specific WordPress pages and used unsafe plugins, e.g.. I have tracked these requests, which suggests the plugins vulnerabilities:
(These themes or. Plugins when not used)