How to Login to WordPress Dashboard Securely
Logging into WordPress dashboard is a simple and easy task, but a security breach is a frequent problem to many website owners. If you have been hacked before or want to increase the security level of your website, there is a way to strengthen your defence against hackers. To know what this is, let us thoroughly discuss how you can login to the WordPress dashboard securely!
Log in to WordPress Dashboard with Strong Security
Log in Using Your Username and Password
Installing WordPress is a prerequisite to start your website, and once you have done this, you can log in to your dashboard. Use this URL format every time you log in, so you will automatically be directed to your login page:
In case you forgot your WordPress password, you can click the Lost your password? link and then type in your WordPress username or email.
WordPress will send you a reset password link to your email. Click on that link to create a strong password. Once you have created a new password, go back to your login page and log in using it.
Install Two-Factor Plugin
Two-Factor is a plugin that increases your website’s security level as it uses time-based one-time passwords to allow a login to your account. To install this, go to Plugins from your Dashboard menu and select Add New.
Type “two factor” on the search box and when the plugin shows up, click Install Now and then Activate.
Go to Users from your Dashboard menu and select Your Profile. Scroll down the page and you will see the Two-factor Options section.
Tick the security system options that work best for you from the selection. From your choices, select one to make as your primary security system.
If you choose email as your primary, click Generate Password, and copy that. You will use it to log in to your account later.
Click Update Profile at the bottom once done. WordPress will then send an email that confirms the new login information.
Try logging out and logging back in and use the password you generated on the plugin. Once your website detects the new login information, it will ask for a code, which will be sent to the same email.
Copy the code from your email and paste it on the login page. One important thing to note though that this may take some time for the website to accept your login request.
Install Wordfence Security Plugin
If you choose the Google authenticator option as your primary security system, we recommend you use Wordfence Security plugin. It uses a malware scanner and endpoint firewall to protect your website.
Developers design this plugin to also block malicious IP addresses from accessing your website. This means it is a plugin that provides strong security for your WordPress, especially during login attempts.
Type “Wordfence Security” in the search box so it is quicker to find on the search page.
Once it is installed, enter your email address so the plugin can send you security alerts if somebody tries to login to your wordPress dashboard illegally. Select “Yes” if you want to receive Wordfence news and security alerts about WordPress.
Wordfence is a free plugin you can install, but if you want to maximize its security benefits, you can enrol into their premium subscription. If you do not want to, click the No Thanks link.
Activate Two-Factor Authentication (2FA) for WordPress
Once you have installed the plugin, it will appear on your Dashboard menu. Click on it and select Dashboard. From there, you will see a summary of the status of your website security. Feel free to check the page.
Go to Users from your Dashboard menu and select Your Profile. Scroll down to the bottom of the page and click Activate 2FA.
2FA is a feature of Wordfence that protects your website from credential stuffing attacks and password guessing.
Use a Security Code to Log in
Before you do anything on the 2FA page, you need to install Google authenticator app on your phone first. Go to your play store or app store and search the app.
When you open the app, it will ask you to scan the barcode, which is what you can see on your website. Once scanned, it will detect your website and username and give you a six-digit code.
Enter that code in the box and click Activate.
There will be a pop-up message suggesting downloading the recovery codes in case you lose access to your authenticator on your phone. We recommend clicking Download and saving the codes on your local drive.
Once done, you will see on your screen that 2FA is already active on your account. If you log out from your account and log back in, WordPress will now require a 2FA code, which you can obtain from your authenticator on your phone.
You might also receive an email that a login attempt was made. With this app, it makes your website more secure from any unauthorized login attempts.
Disable the Security Plugin
If you lose access to your 2FA, you can simply configure the settings of your control panel. Log in to your control panel and go to File Manger under Files.
Open your public_html directory and go to wp-content. Select plugins, locate the plugin you will disable, right click on it, and then rename to old.
Click Rename File to save the changes. This will disable the plugin and allow you to log in to WordPress with only your username and password.
Why Can’t I Log in to My WordPress Dashboard?
If you cannot log in to your WordPress dashboard account, there are two reasons for that:
- Username or password is incorrect – Many WordPress users simply forget their password, and after a few attempts, they still cannot access their account. When this happens, you can click the reset password link on the login page, as mentioned earlier, so WordPress can email you a reset link.
- WordPress login disabled – If this is the error you see when you log in, it could be that there have been a lot of failed attempts to access your account. Your website security system might disable your admin login details to prevent brute force attacks.
The steps to log in to your WordPress dashboard are still the same, using a username and password. You only must beef up your login security system, so hackers will not easily break into your account.
You can install Two-Factor plugin and opt for the email method or you choose the quickest and easiest one, which is through Google authenticator (Wordfence Security).