Securing Your WordPress Website

Jun 7, 2018 | Helpful Plugins, Tips | 1 comment

One of the huge disadvantages of using the WordPress application to run your website(s) is that almost anyone can reach the login page from the public site and get in (if they know your username and password). And with today’s technology, I’m sure it’s not that hard to try and track down someone’s login information.

By default, anyone can reach your WordPress login by simply adding “/wp-admin” or “/wp-login.php” to the end of the URL (e.g., yourwebsite.com/wp-admin or yourwebsite.com/wp-login.php). There, they have access to the basic login screen, where all they would have to do is fill in the username/email and password. But what if you could disable this? And prohibit any kind of access to this login page? Fortunately, there’s a plugin that allows you to do this (and much more)!

You can secure your website through the WP Cerber (aka “Cerber Security & Antispam”) WordPress plugin. With this plugin, you can not only remove access to the “/wp-admin” and “/wp-login.php” paths, but also create a custom login URL (e.g., yourwebsite.com/customURL). So now, people from all around the world won’t have access to the most crucial step for hacking into the dashboard of your WordPress website!

Another thing I absolutely love about this plugin is the fact that you can monitor all login activity—both successful and unsuccessful. To clarify, you can check to see who successfully logged into your website: on what day, what time, and what place (it provides you with the user’s IP address). You can also check to see who attempted to log into your website. (You have the option to immediately block any IP address that tries to access the dashboard. By doing this, you are “locking them out” of your website.)

This plugin is also great for a variety of other security functions, such as setting a user session expiration (you are automatically logged out of your dashboard after a period of time).

So, how do you download and activate it? It’s actually quite simple: WP Cerber is a regular WordPress plugin that you can install from within your dashboard. Here’s how to install WP Cerber on your website(s):

Step 1:

Log into your WordPress dashboard and click on the “Plugins” tab on the left sidebar.

Step 2:

Click on the “Add New” button found in the top left corner.

Step 3:

Type “WP Cerber” in the search box at the top right corner.

Step 4:

Make sure the plugin says “Cerber Security, Antispam & Malware Scan” (by Gregory) and click on the “Install Now” button, and then the blue “Activate” button that will show up.

Step 5:

After you click on the “Activate” button, there should be a green notice at the top (with the dog illustration) with a series of links. Click on “Main Settings” to configure the plugin. Here you have the option to check any and/or all the settings you want. I highly recommend checking all the options under “Proactive security rules” and creating a custom URL under the section that says “Custom login page.” (You should also check the option below this custom URL that says “Disable wp-login.php.”)

Step 6:

Once you are happy with the settings you configured, scroll down and click the blue “Save Changes” button.

Step 7 (Optional):

In the past, I’ve noticed that this plugin will sometimes break and/or unnecessarily block contact form requests. To fix this, from within the dashboard, I hovered over the “WP Cerber” option and clicked on “Antispam.” I then unchecked all the options except the fourth, “Use less restrictive policies (allow AJAX).”

Step 8 (Optional):

To activate the user session expiration feature: From the dashboard, click on the “WP Cerber” tab on the left sidebar > Click on the “Users” tab found at the top right corner > Fill in the second box with how many minutes you want until WordPress logs a user out.
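To confirm from the server side that the custom login page and the “Disable wp-login.php” option took effect, you can also check your web server’s access log. The script below is an added example, not part of WP Cerber or of the original steps: it assumes a combined-format access log and that blocked requests to the default login path are answered with a 4xx status, and it runs on constructed sample lines.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
DEFAULT_LOGIN = "/wp-login.php"

# Constructed sample lines (documentation-range IPs). /customURL is the
# placeholder custom login URL from the article. The first line predates
# the settings change; the rest come after it.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jun/2018:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [07/Jun/2018:10:05:12 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [07/Jun/2018:10:05:13 +0000] "GET /wp-login.php?action=register HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [07/Jun/2018:10:06:00 +0000] "GET /customURL HTTP/1.1" 200 2890 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [07/Jun/2018:10:06:30 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
]


def audit_login_requests(lines, threshold=3):
    """Summarise requests to the default login path.

    still_reachable: (ip, method, status) for requests answered with 2xx/3xx,
                     i.e. WordPress still responded on the default login path.
    repeat_ips:      IPs with at least `threshold` requests to that path,
                     candidates for the plugin's lockout / block list.
    """
    per_ip = Counter()
    still_reachable = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        if m["path"].split("?", 1)[0] != DEFAULT_LOGIN:
            continue  # ignore everything except the default login path
        per_ip[m["ip"]] += 1
        status = int(m["status"])
        if status < 400:  # assumption: a blocked request returns 4xx
            still_reachable.append((m["ip"], m["method"], status))
    repeat_ips = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return {"still_reachable": still_reachable, "repeat_ips": repeat_ips}


if __name__ == "__main__":
    report = audit_login_requests(SAMPLE_LOG)
    print("Default login still served to:", report["still_reachable"])
    print("IPs probing the default login:", report["repeat_ips"])
```

To use it on your own site, pass the lines of your access log in place of `SAMPLE_LOG`; after Step 6, `still_reachable` should stay empty for new requests.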

Although I’m sure there are many more great features that WP Cerber has, I wanted to share a few of the things that I personally use in my websites, along with client websites!

1 Comment

  1. Heather Farrington

    Thank you so much! This article was very helpful. A family member tried to sign up for the email list right after I installed WP Cerber and then let me know that she was blocked as a suspected bot. Yikes! I wasn’t sure which settings to change, and I didn’t know if I should use “less restrictive policies” or not. I changed the settings for anti-spam (as well as some others) as you recommended, and I got two additional signups right after that. Great info, and your screenshots were super helpful!


About the Author

Kayli Parks is a freelance web and graphic designer based in Sacramento, CA. After almost 7 years of working in the design business, Kayli’s goal is to continue helping others with their online presence through responsive web design. Learn more about Kayli here.
