Posted on January 10, 2011
WordPress security is often very strong straight out of the box. Though many may say that open-source software is insecure, I beg to differ. Within hours of realizing a security breach in the code, WordPress and mostly @nacin had updated the code and pushed a security update. That’s hours, not days like the big corporate companies (cough Adobe).
Nevertheless, I love to make it even more secure. And I think I have done that. Introducing Lockdown WP Admin. It is a neat plugin to help youÂ lock downÂ WordPress’s admin interface.
It can do two things, one hide the WordPress admin interface from non logged-in users and provide built in HTTP Authentication. By hiding the WP admin interface, if you access domain.com/wp-admin/, you wouldn’t be redirected to the login page if you weren’t logged in. Instead, you would recieve a 404 File not Found error.
HTTP Authentication is a secure way to provide security to your WordPress install. You can control this in two ways. It can ask for your WordPress login credentials, or you can create your set of custom user/passwords. This way, you can have a double your chances of an unauthorized user from accessing your WordPress admin interface. Over at @teensintech, we use this when we have out authors login with their own WordPress credentials and then they must login with another set of username/passwords to be twice as secure. That may not be the best practice possible, but I think it decreases my chance of brute force attack.
You can download version 2.0.1 at http://wordpress.org/extend/plugins/lockdown-wp-admin/. I’d also love if you can support me and my other plugins by donating!