How I protect admin interface of this WordPress blog

One of the easiest way to attack WordPress blog is by targeting some script of admin interface or by brute force attack and it has been found that having a good password is not enough. I take two additional steps to protect my admin interface from even the most determined hacker while allowing access to the editors and authors.

The first step is to enforce a password at proxy (haproxy) level. This is in addition to regular WordPress password and forms a gateway before WordPress admin can be accessed. Only the authors and editors know this password. Now, I could have made it different for everyone but it is not worth it. I chose and strong password. However even this may not be enough.

My WordPress interface is not even visible to a regular user and the server gives 500 Internal Server Error as it truly doesn’t exist. Only with a magic incantation and by that I mean by setting a HTTP parameter is the Admin interface accessible.

Other than the admin interface, rest of this blog is just static pages. It makes it very fast and completely secure.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.