How to secure a Wordpress installation? - wordpress

I have installed the following WP plugins at my site:
Hide My WP
Wordfence free
All In One WP Security & Firewall (with 410 points)
DNS from CloudFlare (medium settings)
Good global hosting, not cheap.
My admin name is like "gfutiewf" and the login link is like: mysite.com/dfwhc.
That's all okay, but today I see this in the log again:
Somebody at the login page tried the "gfutiewf" username with a bad password...
How? From where did he see the login URL and admin name?

I'm guessing they were guessing your author ID like so:
http://www.example.com/?author=1
http://www.example.com/?author=2
...
Once found, WordPress would redirect to:
http://www.example.com/author/myrandomname/
which by default would be your admin name.
One way to solve that would be to change the value of user_nicename column in users table in the database to something else, like 'admin'. That way, the redirect will change to:
http://www.example.com/author/admin/
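
Added example (not part of the original answer): a small Python audit of the exposure described above, comparing the slug in each /?author=N redirect with the login name it would give away. The sample rows, the recorded Location headers and the slugify() approximation of the default nicename are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample rows, shaped like
# SELECT ID, user_login, user_nicename FROM wp_users (not real data).
USERS = [
    {"ID": 1, "user_login": "gfutiewf", "user_nicename": "gfutiewf"},
    {"ID": 2, "user_login": "Jane.Editor", "user_nicename": "jane-editor"},
    {"ID": 3, "user_login": "shopmanager", "user_nicename": "sam"},
    {"ID": 4, "user_login": "backupadmin", "user_nicename": "backupadmin"},
]

# Constructed Location headers recorded for /?author=<ID> on your own site.
# ID 4 has no entry: no redirect was returned for that author.
REDIRECTS = {
    1: "http://www.example.com/author/gfutiewf/",
    2: "http://www.example.com/author/jane-editor/",
    3: "http://www.example.com/author/sam/",
}

AUTHOR_PATH = re.compile(r"/author/([^/]+)/?$")

def slugify(login):
    """Approximation (assumption) of the default login-to-nicename mapping:
    lowercase, with each run of other characters collapsed to one hyphen."""
    return re.sub(r"[^a-z0-9]+", "-", login.lower()).strip("-")

def slug_from_location(location):
    """Return the author slug in a redirect target, or None if there is none."""
    match = AUTHOR_PATH.search(urlparse(location or "").path)
    return match.group(1) if match else None

def audit(users, redirects):
    """Classify each account: 'exposed' if the public author URL gives away
    the login, 'latent' if only the stored nicename does, else 'ok'."""
    report = {}
    for user in users:
        login_slug = slugify(user["user_login"])
        public_slug = slug_from_location(redirects.get(user["ID"]))
        if public_slug == login_slug:
            report[user["ID"]] = "exposed"
        elif user["user_nicename"] == login_slug:
            report[user["ID"]] = "latent"
        else:
            report[user["ID"]] = "ok"
    return report
```

Accounts reported as exposed or latent are the ones where the user_nicename change suggested above applies.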

First off make sure you have the latest version of Hide My WordPress – Security Plugin - currently v1.1.028
Make sure you are not redirecting the old login (ex. wp-login.php to the new login page)
Also are you using Hide My Wp PRO? The current free version only hides the admin and login paths to see if the product is compatible with your WordPress.
To hide all the URLs you need to activate the Ninja mode and the plugin will hide all the paths from your website.
For further help please share your site's name so we can take a look at it.
Hope that helps.

Related

How to replace wp-admin with any text from wordpress admin URL?

What is the easiest way to replace wp admin from wordpress admin URL?
Basically I want to change http://localhost/wpsite/wp-admin
with http://localhost/wpsite/myadminpanel.
Here is a support page for one hosting provider, which suggests installing one of the plugins below to achieve this:
Lockdown WP Admin (this one seems a bit old now)
iThemes Security
And don't forget to make a full backup of your website before making any of the changes!
I'm using this plugin (https://wordpress.org/plugins/wps-hide-login/) and for me it works fine and it is very easy to set up.

woocommerce_my_account stopped working after moving to another hosting provider

I recently moved my site built in WordPress to another hosting provider and I found the shortcode [woocommerce_my_account] is not working anymore.
Previously, I had a page called account login where I had the shortcode [woocommerce_my_account]. In the settings I set the landing page to be the same page (account login), so after a user logged in, he/she was redirected to the same page showing his/her details.
However, on the new hosting provider this is no longer working. After I put in the login information and attempt to log in, it takes me to the wp-login.php page and asks me to enter my login details again.
The URL path that I see in the browser after attempting to log in is similar to this: <site_name_url>/wp-login.php?redirect_to=http://<site_name_url>/account-login/
Has anybody got to the bottom of this issue? Thank you.
Try adding this to your wp-config.php:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
Make sure you replace http://example.com with your own domain. You can also try to search and replace your domain in the database if it has changed.
You can also try to clear the browser cache and cookies. I had an issue like this before, launched a private browsing window and it was working fine.
Try setting define('WP_DEBUG', true);, you may see something going on.
Sometimes the PHP version makes a difference; try to set the same PHP version on your new host (google the name of your hosting provider + change php version).
When you move sites/restore databases you often need to save the permalinks again.
Go to /wp-admin/options-permalink.php and click "save". This will set up your .htaccess file with the correct information for redirects.
Finally, after all of these days searching and trying different things, the answer for this issue in my case was not related to the WordPress installation itself but to some software installed on the server called Varnish, apparently used to cache the site and improve its performance.
After having a support chat with the hosting provider, they mentioned that varnish is breaking the woocommerce plugin.
At this point, I am not sure if varnish is not compatible with woocommerce or the settings applied on the server using this software make woocommerce not to work properly.

how to hide wp-admin from site made with wordpress on live

I am about to make my site live, but I don't want the usual suffixes in the URL like wp-admin, wp-login. Is there any way I can remove them?
And if there is any solution for that, then how would I access my admin panel after that?
Free plugins were recommended to fix this issue:
Lockdown WP Admin
Hide Login+
Secure Hidden Login

Wordpress Setting Custom URLs for login. Not Possible?

I am not an expert in mod_rewrite, so I need big-time help. Here is the scenario:
Domain Name: www.example.com
Points To: /www/public_html/
I have a wordpress installation at:
/www/public_html/subfolder/
Now I have two htaccess files, let's call them .h1 and .h2. I have managed up to now to do this:
When user types www.example.com they are taken to the wordpress homepage in the subdirectory (sweet). In fact everything is hunky-dory besides:
MAIN PROBLEM:
I want to create a custom login URL, say : www.example.com/mylogin
I am able to do the following by setting the following in my .h2:
RewriteRule ^mylogin$ wp-login.php
But when I use this URL, it takes me to the login screen but the URL in the browser changes to http://example.com/subfolder/wp-login.php
I want the URL that is displayed when the login screen is presented to stay the same as before i.e. http://example.com/mylogin
More precisely, no subfolder name and no wp-login should be displayed. How do I achieve this? Any help would be appreciated.
Your solution doesn’t hide the default login url. It only adds an easier to remember url which redirects to the default url /wp-login.
Without the need for coding you can easily install the plugin Custom Login and Admin URL’s that fixes this weakness.
Caution: This plugin has been tested on a new installation of WordPress and it worked fine. However, most free plugins are unsupported, which means they sometimes conflict with other plugins depending on what you have installed. If you have any issues, log in to cPanel or FTP and delete the plugin, or contact your web hosting provider.
Another Security plugin for WordPress which you may want to take a look at is named Better WP Security. This WordPress plugin offers security settings for WordPress login, registration and admin pages as well as many other anti hacking features to protect your site.

Wordpress register URL Mismatch

On the blog home page, when I click on register, it takes me to this URL: http://www.tawnosdesigns.com/mockups/behindthestorywp/wp-login.php?action=register . This is not my site's (behindthestory) login page. It is another domain which I used for a mockup. How can I set my original site's (behindthestory.org) register URL?
site url : behindthestory.org
username : gatsby
password : santoga
If this happened after you deployed it, you can try going into the wp_options table in the database, and searching for the old options and changing them. I think the option is called site_url.
After visiting the site you provided, it seems you are using a static form in the header or an installed plugin for registration. So you need to change it in the template, or check the plugin settings if you installed one for registration.
Most likely this is a static form in the template.
Hope this helps you. All the best ;)
