Tip 4 Encrypt Your WordPress Login - Administration
As of 2011, WordPress is still the most popular blogging software for websites. Due to the number of users and popularity of WordPress, it is also the most attacked blogging platform. You might hear a lot about “hacked” WordPress websites on the Internet. There are a lot of WordPress security guidelines being released. This article will examine some basic and standard tips that can still be applied today. If you are a WordPress user and a webmaster, then this guide will definitely be helpful to you.
A standard way of encrypting the logins is to use secure protocol HTTPS. However, this can be both expensive and technical for beginning webmasters to install. The simplest way you can still encrypt the WordPress login is to use the "Semisecure Login Reimagined" plugin: http://wordpress.org/extend/plugins/semisecure-login-reimagined/
Why do you need to encrypt your WordPress logins? When you log in, your browser sends the data to the server in plain text. This means that your username and password information travels over the Internet in a plain text format that anyone can understand -- and anyone can snatch it using network packet sniffing tools. These usernames and passwords can then be used by those with malicious intent to exploit your website.
Below are the steps you need to take to install and configure the "Semisecure Login Reimagined" plugin.
Once downloaded, right click on the package and click "Extract here."
This will extract the folder named semisecure-login-reimagined.
Upload this folder to the wp-content/plugins directory of your WordPress website.
Log in to your WordPress admin panel and then go to the "Plugins" section.
Activate the Semisecure Login Reimagined plugin.
Under "Settings" click the "Semisecure Login" link.
You need to generate a strong key. Under the "number of bits," change "2048 bits" to "3072 bits," and then click "Generate Key."
Once it's completed, change your WordPress admin password by going to "Your Profile" under "Users."
Log out from the WordPress admin panel and clear your browser cache and entire history.
Try logging in with your new WordPress admin password. This time, this password is encrypted on its way to your WordPress website server.
Tip #5: Back Up WordPress and Update Core Files
This is very important. Once you see a warning in your WordPress admin dashboard telling you to update because a new WordPress version has been released, you need to update your core files immediately -- provided you have completed backups of your WordPress database and theme files.
It is advisable to install your WordPress on a local web server, such as XAMPP in your computer. And then you should use your backup database and files. The objective is to test whether you have a fully working WordPress backup.
Despite your efforts to provide encryption and security to your admin directory, things can still go wrong if you fail to take care of your WordPress admin logins.
Below are some important guidelines on how to protect your WordPress admin logins inside and outside of your computer:
1. Never upload a text file or any document file (such as MS office documents) containing a password online, or in your server, or any place in the Internet.
This is very risky, because search engines like Google are known to index hideous places in your server. And of course, malicious users can mine your password in the Google index. Even in 2011, you can still find a lot of WordPress websites where the administrators are not aware that their passwords are being published online through a document file, etc.
2. Never share admin login credentials with the other members of your team. The best rule of thumb is that only the team leader has the admin logins. This will minimize the occurrence of password leakage on the part of your team.
3. Put your admin password in a safe place. The most recommended safe place is KeePass: http://keepass.info/ , which will store the password in an encrypted database.
4. Change your admin password once every three months. This is a good security practice that is even applied by most online banks.
Tip #7: Read the Final Advice on WordPress Security