Guide to Securing WordPress Login

By default, WordPress URLs for accessing the management system of every website follow the same format: domain/wp-admin. For example: Mytour.com/wp-admin. This is one of the reasons why websites are often targeted by malicious attackers.

Guide to securing WordPress login through 2 simple and effective methods

Securing personal information and data on a website is essential and practical in the current era.

Guide to Securing WordPress Login

The two WordPress login security methods listed by Mytour below are not complex but rather simple and easy to execute, yet they are often overlooked.

Method 1: Use a long password with special characters

Setting a strong, hard-to-crack password is the first factor you need to address if you want to secure WordPress login. Typically, the longer the password, the more secure it is. Below is a statistical chart of the average time it takes to crack a password based on its length.

- 7 characters take about 0.29 milliseconds to crack;

- 8 characters take about 5 hours to crack;

- 9 characters take about 4 months to crack;

- A password with 10 characters takes about 10 years to crack;

- A password with 12 characters takes about 200 years to crack.

It can be seen that a password should be at least 12 characters long. Additionally, to increase the difficulty for intruders, you should use a password that includes special characters, uppercase letters, and does not follow a pattern. E.g., Mytour@20x19

To change the password on WordPress, follow these steps:

Step 1: Log in to your WordPress account. Right-click on the shortcut to Settings at the top right of the screen. In the Settings window, proceed to select the Security category in the left column.

Step 2: In the Security section, click on the Password tab, then enter your new password. Finally, click Save Password to save the new password.

Method 2: Use Two-Factor Authentication

Using two-factor authentication is a highly recommended security measure for WordPress logins. When this feature is enabled, every time you log into WordPress, an additional access code will be automatically sent via message or app on your phone.

Step 1: To enable Two-Factor Authentication, follow these steps: go to Settings, choose the Security category, and finally select the Two-Factor Authentication tab.

Step 2: To activate the feature, you need to use your personal phone number. In the information box, select the Country Code as Vietnam and enter your phone number in the adjacent field.

After entering the information, you have two choices: Verify via SMS or Verify via App. Depending on your chosen method, WordPress will send the verification code to you.

Step 3: In the illustrated example, Mytour uses Verify via App. After receiving the verification code, enter it into the information box and click the Activate button.

Step 4: Now the Two-Factor Authentication feature is activated. You will receive a Backup Code for accessing your account in case you forget your password or lose your phone. After saving this code in a secure place, check the I've stored the Backup Code box, and finally click Finish.

With the two simple methods just guided by Mytour, the WordPress login security layer has been reinforced against potential attacks from hackers. Your website's information and data will be more effectively secured. Additionally, you can explore how to create a WordPress site on Hostinger here. Wishing you success!