How can I protect my WordPress Site from bad people?

someone trying to login into my WordPress admin…

36 wrong password login attamp today from those 4 ip [] [] [] []

400 spammy Accounts registered on my site in 2 months

My site is Very small, What do they want from me or my site! I not understand why they are trying to login into wp-admin, what are their benefits!

I need WordPress security suggestions to get rid of Spam User Registration and Bad login attacks.

1 Like

You can use WPS hide login plugin to hide the admin panel path. I recommend adding a recaptcha to the login and registration form. Also connect your site to cloudflare and use the firewall.

1 Like

simple way:
use loginizer
block 2 times attempt
with 99999999999999999999999999999999999999 hours
and permanent block :slight_smile: lol

hard way
change the /wp-admin to another name with

then… use random post redirect
redirect 301 wp login and wp admin to random post
violaaaa you got free traffic but carefull for bouncerate


Don’t forget to secure SSH via Cyber panel dashboard: create another user with Sudo privileges and lock root. In this case, everyone trying to access your server via SSH as root will “hit the wall”, while you will be able to log in with a newly created user as an administrator.

1 Like

@peakminute Could you please explain a bit more how to do this? I currently login to cyberpanel with the default admin user and ssh with root user. I’d like to close those off and use a custom user for each, as you’ve suggested.

Whoever uses Linux knows Root is a superuser, which got the highest privileges. :muscle:
Does not matter if you will protect your WordPress or Cyber Panel dashboard login. If you’ve got access from the server side you will be able to do whatever you want.
Guess what: all those bad people (hackers) know that as well… By figuring out the correct username it is halfway job done for exploiting your server.

That being said go to the terminal and create another user, and assign sudo privileges for that user.

  1. Login to the server via terminal
    ssh root@server-IP-address
  2. Create new user (you will be prompted to create a new password)
    adduser username
  3. Add user to “sudo” group
    usermod -aG sudo username
  4. Test sudo access by connecting to the server using new credentials and running the command
    sudo whoami
    The output shoud be “root”

When everything is done login to the Cyber panel dashboard/security tab / secure SSH and there is a slider to turn off the root user.

1 Like

Thanks very much. What do you think of turning off root password access and just using an ssh key with root user?

1 Like