One of the huge disadvantages of using the WordPress application to run your website(s) is that almost anyone can access it in the front-end (if they know your username and password). And with today’s technology, I’m sure it’s not that hard to try and track down someone’s login information.
By default, one can access your WordPress dashboard by simply adding “/wp-admin” or “/wp-login.php” to the end of the url (i.e. yourwebsite.com/wp-admin or yourwebsite.com/wp-login.php). There, they have access to the basic login screen, where all they would have to do is fill in the username/email and password. But what if you could disable this? And prohibit any kind of access to this login page? Fortunately, there’s a plugin that allows you to do this (and much more)!
You can secure your website through the WP Cerber (aka “Cerber Security & Antispam) WordPress plugin. With this plugin, you can not only remove access to the “/wp-admin” and “/wp-login.php” extensions, but also create a custom login URL (i.e. yourwebsite.com/customURL). So now, people from all around the world won’t have the most crucial step for hacking into the front-end of your WordPress website!
Another thing I absolutely love about this plugin is the fact that you can monitor all login activity—both successful and unsuccessful. To clarify, you can check to see who successfully logged into your website: on what day, what time, and what place (it provides you with the user’s IP address). You can also check to see who attempted to log into your website. (You have the option to immediately block any IP address that tries to access the dashboard. By doing this, you are “locking them out” of your website.)
This plugin is also great for a variety of security functions, such as creating a user session expire (when you automatically get logged out of your dashboard after a period of time).
So, how do you download and activate it? It’s actually quite simple. It’s just a simple WordPress plugin that you can install within your dashboard. Here’s how to install WP Cerber on your website(s):
Log into your WordPress dashboard and click on the “Plugins” tab on the left sidebar.
Click on the “Add New” button found in the top left corner.
Type “WP Cerber” in the search box at the top right corner.
Make sure the plugin says “Cerber Security, Antispam & Malware Scan” (by Gregory) and click on the “Install Now” button, and then the blue “Activate” button that will show up.
After you click on the “Activate” button, there should be a green notice at the top (with the dog illustration) with a series of links. Click on “Main Settings” to configure the plugin. Here you have the option to check any and/or all the settings you want. I highly recommend checking all the options under “Proactive security rules” and creating a custom URL under the section that says “Custom login page.” (You should also check the option below this custom URL that says “Disable wp-login.php.”)
Once you are happy with the settings you configured, scroll down and click the blue “Save Changes” button.
Step 7 (Optional):
In the past, I’ve noticed that this plugin will sometimes break and/or unnecesarily block contact form requests. To fix this, from within the dashboard, I hovered over the “WP Cerber” option and clicked on “Antispam.” I then unchecked all the options except the fourth, “Use less restrictive policies (allow AJAX).”
Step 8 (Optional):
To activate the user session expire feature: From the dashboard, click on the “WP Cerber” tab on the left sidebar > Click on the “Users” tab found at the top right corner > Fill in the second box with how many minutes you want until WordPress logs a user out.
Although I’m sure there are many more great features that WP Cerber has, I wanted to share a few of the things that I personally use in my websites, along with client websites!