To post a new support question, click the Post New Topic button below.
Current Version: 4.9.1 | Sytist Manual | Common Issues | Feature Requests

Please log in or Create an account to post or reply to topics.

Receive email notifications when new topics are posted in this forum.

You will still receive notifications of replies to topics you are part of even if you do not subscribe to new topic emails.

Lock Down Admin Login Page (3 Ideas)

← Back to Sytist forum

David Harris

10 posts

Fri Dec 18, 20 10:42 AM CST

One of the first security recommendations for WP security is to lock down the admin login page to prevent against brute force attacks. One technique is to make it only accessible from approved IP addresses. This is usually handled by changing the .htacess file Another is to use a buggy plugin but that's just one reason why we here don't use WP!

Solution 1:
Add the ability to configure a list of IPs that are allowed to see the admin login page. All others would see an error or 404.

Side note, (and maybe this is a show stopper) there would need to be some notes on how to fix it through the back end if you found yourself locked out because of an IP address change.

Solution 2:
Provide admin page throttling controls to lock the admin page for some period of time after some number of failed attempts.

Solution 3:
Capta on the admin login page.

Tim - PicturesPro.com

16,216 posts (admin)

Mon Dec 21, 20 5:28 AM CST

You can rename the admin folder name to something that would be hard to guess
https://www.picturespro.com/sytist-manual/installation/renaming-the-admin-folder-after-installation/

Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com

Trailboy

357 posts

Mon Dec 21, 20 9:27 AM CST

I would appreciate any efforts that could be made to increase the security of our websites Tim.

3 total messages

Please log in or Create an account to post or reply to topics.

This post has been viewed 422 times

Category: Other

← Back to Sytist forum

Loading more pages