You are reading the article 4 Of The Best Tips To Secure Your WordPress Login Page updated in November 2023 on the website Cancandonuts.com. We hope that the information we have shared is helpful to you. If you find the content interesting and meaningful, please share it with your friends and continue to follow and support us for the latest updates. Suggested December 2023 4 Of The Best Tips To Secure Your WordPress Login Page
If you’re running a small blog or website for your small business, you probably think that your site won’t be targeted by hackers and that you don’t have to take measures to secure your sites. The bad thing is most of the attacks online are automated botnets, and they don’t really care if you are running a small or big business.
In this article we will show you some of the security measures you can take to secure your WordPress login page.
1. Integrate Two-Factor AuthenticationTwo-step or two-factor authentication has now become an inevitable step to secure any online account. Users mainly use this security layer for their most important online accounts. It’s time you enable it for your WordPress site.
The plugin we recommend is Google Authenticator because it’s frequently updated, and it’s easy to set up. Before getting started, make sure you download the Authenticator App on your mobile device. It’s available on Android, iOS, and Blackberry.
1. Install the Google Authenticator plugin and activate it.
This code changes every ten seconds, so you have to add it in that time period. Whenever you log in to your WordPress site, keep the Authenticator app open on your device. Keep in mind you only have ten seconds for entering the code and hitting the Login button.
2. Make Use of Security PluginsThere are plenty of security plugins out there, but the list below contains those that are meant for protecting the Login Page.
WPS Hide Login: the default WordPress page is “wp-login.php.” With this plugin, you can change the login page to a custom URL of your choice.
WP Limit Login Attempts: This plugin works as a defense against brute force attacks. It lets you set the number of login attempts for a user. If the user fails to log in in the given number of attempts, then the user’s IP will be temporarily blocked from the site. Apart from that, it also adds a captcha verification to get rid of the bots.
Loginizer: This is an all-in-one plugin to protect your login page from brute force and other attacks. It has Two Factor Auth, reCAPTCHA, PasswordLess Login and many other security features specifically for login.
3. Allow Only Certain IP Address to Access the Login pageIf there are only a few users for your site, you can add a whitelist of IP addresses that can access the login page. To do so, you just have to create a “.htaccess” file in your “wp-admin” folder (using the cPanel of your web host).
Add the following code to the newly created “.htaccess” file:
AuthUserFile
/dev/null
AuthGroupFile
/dev/null
AuthName
"WordPress Admin Access Control"
AuthType
Basic
order
deny
,
allow
deny
from
all
# Ab's IP address
allow
from xxxxxxxxx
# Ketul's IP address
allow
from xxxxxxxxx
# John's IP address
allow
from xxxxxxxxx
4. Switch to HTTPSIf you really care about the security of your WordPress site or blog, then HTTPS is the protocol you should definitely upgrade to. HTTPS basically encrypts the connection between your web browser and the web server, making it difficult for an attacker to spoof over the data that is being transferred. It can protect you from a malicious script hidden on your computing device, a script that can steal data from login forms and other input fields.
ConclusionProtecting your WordPress login page is the first step to ensuring your site is secured. With the steps mentioned above, you will have a sturdy login page that can withstand a brute force attack and most of the hacks out there.
Abhishek Macwan
Abhishek is a Freelance Tech blogger and an avid coder. He's an Android Freak and loves customizing and fixing all things digital. You might also want to check out his blog where he shares his love for Tech.
Subscribe to our newsletter!
Our latest tutorials delivered straight to your inbox
Sign up for all newsletters.
By signing up, you agree to our Privacy Policy and European users agree to the data transfer policy. We will not share your data and you can unsubscribe at any time.
You're reading 4 Of The Best Tips To Secure Your WordPress Login Page
How To Password Protect The My Activity Page Of Your Google Account.
If you are someone who is quite security conscious, especially with your Google account. This article will show you how to password protect your Google account My Activity page. The page where Google stores all the information about your usage including everything you say or ask your smart speakers.
Related: The importance of professional website translation. Why does it matter?
Your Google account is probably one of the most secure accounts you own with a solid password and two-factor authentication (2FA) enabled. But there is one gaping hole in the entire Google account system though… The fact that it is always logged in on every system and device and only asks for your password for a very limited number of tasks. Making a purchase or changing your password for example.
For instance, if you were to leave your device unattended it is quite possible to view your entire Google account Activity History, which usually includes a ton of personal and private information. Things like your location history, what you’ve asked your smart sparker and even your home and work information.
Thankfully, in a recent update, Google has identified this loophole and added an option for this page to be password protected, however, it isn’t enabled by default. So you’ll need to dig down into the menus and enable the feature manually. Although it doesn’t take long to enable, it can be a little tricky to find, so follow along as we guide you through the process of password protecting your Google account activity page.
Quick steps to password protect your Google My Activity page:
Open a browser and visit the Google Account My Activity Page.
Change to the Require Extra Verification option.
Enter your account password.
That’s it your Google My Activity page is password protected.
How do you password protect the My Activity page of your Google account?
In order to password protect the My Activity page of your Google account, you’ll need to do the following.
To begin, head on over to the Google My Activity page for your account, you can find it manually by going through your account or you can go straight to it using the link here.
Once the feature has been enabled, you’ll be asked to enter your password whenever you enter the activity page and want to view more information about any of the categories. Although a lot of people are disappointed that this process doesn’t use an entirely different password or PIN I personally find that this is a decent solution. Alternatively, you could just sign out of your account regularly. While you are here, make sure you read our guide on creating a backup of your Google Authenticator (2FA). If you don’t currently have a backup, you’re asking for trouble.
How To Use Yubikey – A Secure Login For Local Account In Windows 11/10
Users can use hardware security keys, manufactured by Swedish company Yubico to log into a Local account on Windows 11/10. The company recently released the first stable version of the Yubico Login for Windows application. In this post, we will show you how to install and configure YubiKey for use on Windows 11/10 PCs.
YubiKey is a hardware authentication device that supports one-time passwords, public-key encryption and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols developed by the FIDO Alliance. It allows users to securely log in to their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device. YubiKey also allows for storing static passwords for use at sites that do not support one-time passwords. Facebook uses YubiKey for employee credentials, and Google supports it for both employees and users. Some password managers support YubiKey. Yubico also manufactures the Security Key, a device similar to the YubiKey, but focused on public-key authentication.
YubiKey allows users to sign, encrypt, and decrypt messages without exposing the private keys to the outside world. This feature was previously available only for Mac & Linux users.
To configure/set up YubiKey on Windows 11/10, you’ll need the following:
A YubiKey USB hardware .
Yubico Login software for Windows.
YubiKey Manager software.
All of them are available on chúng tôi under their Products tab. Also, you should note that the YubiKey app does not support local Windows accounts managed by Azure Active Directory (AAD) or Active Directory (AD) as well as Microsoft Accounts.
YubiKey hardware authentication deviceBefore installing the Yubico Login for Windows software, make a note of your Windows username and password for the local account. The person who installs the software must have the Windows username and password for their account. Without these, nothing can be configured, and the account is inaccessible. The default behavior of the Windows credential provider is to remember your last login, so you do not have to type in the username.
For this reason, many people may not remember the username. However, once you install the tool and reboot, the new Yubico credential provider is loaded, so that both admins and end-users have actually to type in the username. For these reasons, not only the admin but also everybody whose account is to be configured via Yubico Login for Windows should check to ensure that they can log in using the Windows username and password for their local account BEFORE the admin installs the tool and configures end-users’ accounts.
It’s also imperative to note that, once Yubico Login for Windows has been configured, there is:
No Windows Password Hint
No way to reset passwords
No Remember Previous User/Login function.
Additionally, Windows automatic login is not compatible with Yubico Login for Windows. If a user whose account was set up for automatic login no longer remembers their original password when the Yubico Login for Windows configuration takes effect, the account can no longer be accessed. Address this issue preemptively by:
Having users set new passwords before disabling automatic login.
Have all users verify they can access their accounts with username and their new password before you use Yubico Login for Windows to configure their accounts.
Administrator permissions are required to install the software.
YubiKey InstallationFirst, verify your username. Once you have installed Yubico Login for Windows and rebooted, you will need to enter this in addition to your password to log in. To do this, open Command Prompt or PowerShell from the Start menu and run the command below
whoamiTake note of the full output, which should be in the form DESKTOP-1JJQRDFjdoe, where jdoe is the username.
Download the Yubico Login for Windows software from here.
Accept the end-user license agreement.
In the installation wizard, specify the destination folder location or accept the default location.
Restart the machine on which the software has been installed. After the restart, the Yubico credential provider presents the login screen that prompts for the YubiKey.
Because the YubiKey has not yet been provisioned, you must switch user and enter not only the password for your local Windows account, but also your username for that account. If necessary, you may have to change Microsoft Account to Local Account.
After you have logged in, search for “Login Configuration” with the green icon. (The item actually labelled Yubico Login for Windows is just the installer, not the application.)
YubiKey ConfigurationOnly accounts that are supported can be configured for Yubico Login for Windows. If you launch the configuration wizard, and the account you are looking for is not displayed, it is not supported and therefore not available for configuration.
During the configuration process, the following will be required;
Primary and Backup Keys: Use a different YubiKey for each registration. If you are configuring backup keys, each user should have one YubiKey for the primary and a second one for the backup key.
Recovery Code: A recovery code is a last-resort mechanism to authenticate a user if all YubiKeys have been lost. Recovery codes can be assigned to the users you specify; however, the recovery code is only usable if the username and password for the account are also available. The option to generate a recovery code is presented during the configuration process.
Step 2: The User Account Control dialog appears. If you are running this from a non-Administrator account, you will be prompted for local administrator credentials. The Welcome page introduces the Yubico Login Configuration provisioning wizard:
Step 4: The configurable items are:
Slots: Select the slot where the challenge-response secret will be stored. All YubiKeys that have not been customized come pre-loaded with a credential in slot 1, so if you are using Yubico Login for Windows to configure YubiKeys that are already being used for logging into other accounts, do not overwrite slot 1.
Challenge/Response Secret: This item enables you to specify how the secret will be configured and where it will be stored. The options are:
Use existing secret if configured – generate if not configured: The key’s existing secret will be used in the specified slot. If the device has no existing secret, the provisioning process will generate a new secret.
Generate new, random secret, even if a secret is currently configured: A new secret will be generated and programmed to the slot, overwriting any previously configured secret.
Note: If you select to save a recovery code while provisioning a user for a second key, any previous recovery code becomes invalid, and only the new recovery code will work.
Create Backup Device for Each User: Use this option to have the provisioning process register two keys for each user, a primary YubiKey and a backup YubiKey. If you do not want to provide recovery codes to your users, it is good practice to give each user a backup YubiKey. For more information, refer to the Primary and Backup Keys section above.
Step 7: The username shown in the Configuring User field shown above is the user for whom a YubiKey is currently being configured. As each username is displayed, the process prompts you to insert a YubiKey to register for that user.
Step 8: The Wait for Device page is shown while an inserted YubiKey is being detected and before it is registered for the user whose username is in the Configuring User field at the top of the page. If you have selected Create Backup Device for Each User in the Defaults page, the Configuring User field will also display which of the YubiKeys is being registered, Primary or Backup.
Step 10: The Programming Device page displays the progress of programming each YubiKey. The Device Confirmation page shown below displays the details of the YubiKey detected by the provisioning process, including the device serial number (if available) and the configuration status of each One-Time Password (OTP) slot. If there are conflicts between what you have set as defaults and what is possible with the detected YubiKey, a warning symbol is displayed. If everything is good to go, a check mark will be shown. If the status line shows an error icon, the error is described, and instructions for fixing it are displayed on the screen.
Step 11: Once programming is complete for a user account, that account can no longer be accessed without the corresponding YubiKey. You are prompted to remove the YubiKey just configured, and the provisioning process automatically proceeds to the next user account/YubiKey combination.
Step 12: After all, the YubiKeys for the specified user account have been provisioned:
If the Generate Recovery Code was selected on the Defaults page, the Recovery Code page is displayed.
If Generate Recovery Code was not selected, the provisioning process would automatically continue to the next user account.
The provisioning process moves to Finished after the last user account is done.
The recovery code is a long string. (To eliminate problems caused by the end-user mistaking the numeral 1 for lowercase letter L and 0 for the letter O, the recovery code is encoded in Base32, which treats alphanumeric characters that look similar as if they were the same.)
The Recovery Code page is displayed after all the YubiKeys for the specified user account has been configured.
Step 13: On the Recovery Code page, generate and set a recovery code for the selected user. Once this has been done, the Copy and Save buttons to the right of the recovery code field become available.
Step 14: Copy the recovery code and save it from being shared with the user and keep it in case the user loses it.
Note: Be sure to save the recovery code at this point in the process. Once you proceed to the next screen, it is not possible to retrieve the code.
Step 16: Give each user their recovery code. End-users should save their recovery code to a safe location accessible when they cannot log in.
YubiKey User ExperienceWhen the local user account has been configured to require a YubiKey, the user is authenticated by the Yubico Credential Provider instead of the default Windows Credential Provider. The user is prompted to insert their YubiKey. Then the Yubico Login screen is presented. The user enters their username and password.
Note: It is not necessary to press the button on the YubiKey USB hardware to log in. In some instances, pressing the button causes the login to fail.
When the end-user logs in, they must insert the correct YubiKey into a USB port on their system. If the end-user enters their username and password without inserting the correct YubiKey, authentication will fail, and the user will be presented with an error message.
If an end user’s account is configured for Yubico Login for Windows, and if a recovery code was generated, and a user loses their YubiKey(s), they can use their recovery code to authenticate. The end-user unlocks their computer with their username, recovery code, and password.
Until a new YubiKey is configured, the end-user must enter the recovery code each time they log in.
If Yubico Login for Windows does not detect that a YubiKey has been inserted, it is likely due to the key not having OTP mode enabled, or you are not inserting a YubiKey, but instead a Security Key, which is not compatible with this application. Use the YubiKey Manager application to ensure that all the YubiKeys to be provisioned have the OTP interface enabled.
Can you use a YubiKey to login to Windows 11/10?Yes, you can use YubiKey to log in to Windows 11/10 PC. However, you must have a local account to make use of YubiKey with your computer. While using it on your computer, you must ensure that you have disabled all the remote login methods.
How do I set up my YubiKey login on Windows?In order to set up YubiKey login on Windows, you need to have three things – YubiKey USB hardware or the physical device, the login software, and the YubiKey Manager software. You need to go through the software installation process first. Next, you can follow the aforementioned steps to get the job done.
Important: Alternative sign-in methods supported by Windows will not be affected. You must, therefore, restrict additional local and remote login methods for the user accounts you are protecting with Yubico Login for Windows to ensure you have not left open any ‘back doors.’
How To Switch The Language Of The Page Using Javascript?
Whenever you develop a website or application for a worldwide business, you must also focus on which language your audience can understand. For example, English is an international language, but in some parts of the world, people don’t understand English as they speak German, Spanish etc.
Here, we will learn to switch the language of the web page using JavaScript.
SyntaxUsers should follow the syntax below to change the language of the web page using JavaScript.
if (lang == "en") { element.innerHTML = "content"; } else if (lang == "fr") { element.innerHTML = "content"; } else if (lang == "de") { element.innerHTML = "content"; }In the above syntax, we have written the if-else statement to change the content of the web page according to the language selected. Users need to replace the content with the content of a particular language.
Example 1In the example below, we added some div element content. Whenever users press any button to change the web page’s language, we invoke the changeLanguage() function by passing the language as a parameter. In the changeLanguage() function, we access the div element and change its content according to the language selected.
function changeLanguage(lang) { let element = document.getElementById(“div”); if (lang == “en”) { element.innerHTML = “Hi How are you! This is written in English.”; } else if (lang == “fr”) { element.innerHTML = “Bonjour Comment allez-vous! Cela est écrit en français.”; } else if (lang == “de”) { element.innerHTML = “Hallo Wie geht es dir! Das ist auf Deutsch geschrieben.”; } }
Example 2We have created a web page with multiple elements in the example below. Also, we have given the unique id to every element. In JavaScript, we have created the object named ‘languageContent’. In the object, we have stored the language as a key and the content as a value. In the content object, we have used the element id as a key and its content in a particular language as a value.
In the switchLang() function, we access the content of a particular language from the languageContent object and replace the content of all elements on the web page.
let languageContent = { “en”: { “text1”: “This is a sample content”, “language”: “English”, “BrandName”: “TutorialsPoint”, “Programming_lang”: “JavaScript”, }, “fr”: { “text1”: “Ceci est un contenu d’exemple”, “language”: “Français”, “BrandName”: “TutorialsPoint”, “Programming_lang”: “JavaScript”, }, “es”: { “text1”: “Este es un contenido de ejemplo”, “language”: “Español”, “BrandName”: “TutorialsPoint”, “Programming_lang”: “JavaScript”, } } function swithcLang(lang) { for (let key in languageContent[lang]) { document.getElementById(key).innerHTML = languageContent[lang][key]; } }
Users learned to switch the language of a web page using JavaScript. In the first example, we have given a demo of how we can switch between multiple languages.
We can use the second example for the real-time website. Developers need to create a JSON file to store the content rather than in the same files, as real-time apps can have lots of content. After that, they can use for loop to iterate through all elements of the JSON file and update the content of the webpage.
Best Chrome Extensions To Refresh The New Tab Page
Google Chrome’s new tab page is very minimal with a few quick links to the most viewed websites. For many, this default new tab page is boring and uninspiring, and the lack of customization options make it unpopular with the crowd. Luckily, there are lots of good chrome extensions which can totally revamp your default new tab page to a more useful one.
1. Start! 2. Awesome New Tab PageAs far as graphics, or how cool it looks, Awesome New Tab Page is a really good choice. It’s made up of custom placed tiles that really does end up appealing to the eyes.
You can add links, widgets and apps to the new tab page setup which makes for a real customized situation. For an added touch, use the note widget to leave messages as reminders to yourself.
3. Incredible StartPageYou can really make this one your own by changing the background color, choosing your own wallpaper for the large box, and several other design elements. Then there is the handy sticky note where you can type your own messages, much like the note app.
4. Speed Dial 2Seriously though, there are so many settings you can tweak to get things customized to your liking. Check them out and see what you can pull together for yourself.
5. MomentumMomentum is your one-stop space for motivation to focus on what matters in a beautiful way. Every day it will let you enter a task to focus on that you need to get done, and it shows a new background and quote every day to motivate you. It also has a built-in to-do list where you can enter everything you need to do and easily access it whenever you open a new tab.
Momentum also has a premium version ($1.99/month) that lets you change themes and fonts, skip backgrounds and quotes, fetch data from popular to-do list apps and fully customize to-do lists. It does ask you to supply your email to sync changes across all your devices, but you can decline it if you don’t want this feature.
6. MortalityOne thing many of us forget is that time is limited for everything, thus we just keep putting today’s tasks off until tomorrow. Mortality is a somewhat harsh approach to remind you that today is the day to get up and get things done. You just need to give your date of birth, and Mortality will show your current age in years, months, days, hours, minutes, seconds and even milliseconds on your new tab. The timer keeps running and tells you how quickly the time is slipping out of your hands. It literally makes you feel that you have less time, especially the milliseconds – they are quite scary.
On top of the timer it shows the total months spent as colorful circles and squares to let you know how much you have already spent.
7. Random QuoteRandom Quote takes a simple approach of showing a random quote whenever you open a new tab. There are no bells and whistles, just a plain single color background with a random quote on it. The color and quote changes every time you open a tab, and I have opened more than fifty tabs without repeating a single quote. I also found my new tab opening faster compared to the new default tab of Chrome after installing the above extensions.
If the above are not enough, there are plenty of Chrome extensions to extend its functionality, or even to speed up your browsing speed.
Subscribe to our newsletter!
Our latest tutorials delivered straight to your inbox
Sign up for all newsletters.
By signing up, you agree to our Privacy Policy and European users agree to the data transfer policy. We will not share your data and you can unsubscribe at any time.
5 Ways To Increase Your WordPress Site Speed
The great thing about WordPress is the content management service (CMS) makes it very easy to edit and alter site elements to keep things simple and efficient. Whether it is changing images or altering scripts, WordPress makes things easy. Many learn how to make WordPress work through Googling their problems. Another way to improve your site’s speed is through the loading process. This means having great servers and hosting services. For example, an easy way to make your WordPress site work faster is by using fast web hosting like Siteground to take care of all hosting issues.
The fixes profiled here are easy to take care of, and many of them will take very little time.
Image OptimizationThis process kills two birds with one stone. The first thing you need to know is which image type works best for a specific file type. Without getting deep into the weeds, JPGs and PNGs work differently and each file type lends itself to more efficient loading when visitors access your page. Here is the differentiation:
PNG file types are for screenshots and illustrations
JPG file types are for photos; export JPGs once
Running an image optimizer for your site is very important as well. These optimizers will trim the fat from your images. In fact, optimizing your images will reduce the clutter the image contributes to your WordPress site by up to 95% per image. Here’s what that means in real numbers. Let’s say an image is 523 kB. An image optimizer clears out the clutter and resize the image, essentially. Reducing an image of this size by 25% means your site now only has to manage an image the size of 392 kB instead. This may not seem like a lot, but when you add it up over all the images on your site, you’ll be astounded at how much speed reducing clutter has been removed from your WordPress site.
Use CloudFlare as a FilterCloudFlare is a useful tool for sifting out junk in your incoming traffic. The easiest way for hackers to shut down a site is with a DDoS attack – overwhelming of servers with massive numbers of requests and the inability to answer them quickly. The site slows down and eventually crashes. CloudFlare does several things besides act as a filter. Essentially it makes your site run quickly because several tasks such as the ones below work with greater efficiency:
Gizchina News of the weekJoin GizChina on Telegram
Static files pull from closer geographic locations via a built-in CDN
Hybrid cache system allows for quicker request handling
DDoS monitoring prevents useless traffic from bogging down your servers
Firewall keeps malicious actors and files from corrupting your site
Understanding How to CacheThere are a couple considerations when page caching, but unless you have an e-commerce site, it is pretty easy to gain much in the way of speed from your WordPress site. Caching is pretty simple – instead of doing the process of generating a page each time someone accesses your site the caching process takes a copy of the page and then gives a copy to all subsequent parties heading to that page. This process makes your site run 2 – 5 times faster. This is a noticeable speed increase. If you’re still unsure of how caching works, just imagine writing the same phrase on a piece of paper for 30 different people each time you’re asked. Now, with caching, what your WordPress site is doing is writing the phrase for the first time and then handing out photocopies to each subsequent request.
Keep Your Theme Trim and FitBulk is always the enemy of speed. WordPress is very exciting because the themes and widgets let your imagination run wild. However, if your theme is massive and there are several widgets, each page will take longer to load. With each widget and improvement on a theme, these are elements of clutter you are adding to your site:
Each widget has its own JavaScript file, which needs a CDN to access it
CSS files embedded within each widget
Third Party API calls are present and cause greater bloat within these elements
Get Professional HelpA Virtual Private Server is an excellent toy for people who like to play around with their site, however many of these VPS’s lack specific WordPress configuration. So, you go and configure the VPS only to find your WordPress site is just as slow as it always was. A great solution is calling a professional. They will charge roughly $100 to tune up your VPS – but it is worth it. The floor for the speed boost is increases in requests per second that the server could resolve of up to 10 times the original amount. This may not seem like a lot, but when your site is buzzing, these little fixes will pay for themselves and allow you to have a responsive and fast WordPress site.
Update the detailed information about 4 Of The Best Tips To Secure Your WordPress Login Page on the Cancandonuts.com website. We hope the article's content will meet your needs, and we will regularly update the information to provide you with the fastest and most accurate information. Have a great day!