How to Secure Joomla and/or WordPress Admin link

How to protect your Joomla or WordPress Admin page

Securing a website is one of the most important tasks any site administrator has to consider. There is always the ever-growing threat of evil-minded creatures who spend their time prowling over the sea of websites like a roaring lion, seeking someone to devour any time they see an opportunity.

As you may be aware, there is no permanent solution to secure a CMS site, be it Joomla, WordPress or any other website for that matter. Any open-source script is out there for all to see, so any vulnerability found in the script can be exploited, but that is no reason to leave your site unattended.

With that said, taking all the necessary measures to ensure that all your CMS core files, extensions and/or plugins are up-to-date, and that you are doing a frequent full site backup, is always a good start.

You see, though there is no permanent solution to secure a CMS site, making things a little bit harder for the bad bots or hackers can help a lot.


Enabling Two-Factor Authentication

There are many different extensions and/or plugins out there that site owners can use to secure their admin links, but the majority of more experienced webmasters suggest using two-factor authentication with the Google Authenticator and YubiKey authentication methods, without installing any additional plugin or extension.

Though they may be right with their recommendations, we still believe that the best method to secure the admin login area is probably via .htaccess, by restricting access by IP address.

Restricting your admin area to be accessible from a single IP is a great way to secure your Joomla and/or WordPress site if you have a static IP Address. To do this, you will need to use .htaccess files as shown below:


Securing Your Joomla Admin Link

To secure your Joomla Admin Link, you will have to place a .htaccess file inside your administrator folder with the following lines of code.
Please note that the examples below are based on denying everyone and only allowing select ones in.

.htaccess (exact ip match)

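# Block direct web access to this .htaccess file itself
<Files .htaccess>
order allow,deny
deny from all
</Files>

# Deny everyone, then allow a single address.
# The rules are not wrapped in <Limit GET>: that would restrict only GET
# requests and leave the POST that submits the login form unrestricted.
# 1.234.567.890 is a placeholder; replace it with your own static IP.
# Order/Deny/Allow is Apache 2.2 syntax (mod_access_compat on Apache 2.4).
Order Deny,Allow
Deny from all
Allow from 1.234.567.890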

.htaccess (range by omitting remainder of ip)

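# Block direct web access to this .htaccess file itself
<Files .htaccess>
order allow,deny
deny from all
</Files>

# Deny everyone, then allow a whole range by leaving off the end of the IP
# address (placeholder value; replace it with the start of your own range).
# The comment sits on its own line because Apache does not accept a comment
# on the same line as a directive. As above, no <Limit GET> wrapper is used,
# so the rules apply to every request method.
Order Deny,Allow
Deny from all
Allow from 1.234.567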


Securing Your WordPress Admin Link

To secure your WordPress Admin Link, you will have to place a .htaccess file inside your WordPress main folder with the following lines of code:


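# Only the listed address may request the login script.
# 1.234.567.890 is a placeholder; replace it with your own static IP.
<Files wp-login.php>
Order deny,allow
Deny from all
Allow from 1.234.567.890
</Files>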
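
To check an admin .htaccess allowlist before uploading it, the following added example (not code from the original article) flags three mistakes that silently weaken or break rules like the ones above: access rules wrapped in <Limit>, a # comment on the same line as a directive, and an address that is not a valid IPv4 address or range. The function names, the two sample files and the address 203.0.113.10 are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed samples: BEFORE wraps the rules in <Limit GET> and keeps the
# article's placeholder address; AFTER uses 203.0.113.10 (documentation range).
BEFORE = """<Limit GET>
Order Deny,Allow
Deny from all
Allow from 1.234.567.890  #<--- my IP
</Limit>"""
AFTER = """Order Deny,Allow
Deny from all
Allow from 203.0.113.10"""

def valid_source(value):
    """Accept a full IP, a CIDR block, or a partial prefix such as 203.0.113."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        octets = value.rstrip(".").split(".")
        return len(octets) < 4 and all(o.isdigit() and int(o) <= 255 for o in octets)

def audit(text):
    """Return (line_number, message) findings for an .htaccess allowlist."""
    findings, limit = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        tag = re.match(r"<(/?)limit\b([^>]*)>", line, re.I)
        if tag:  # remember the methods named by an enclosing <Limit>
            limit = None if tag.group(1) else tag.group(2).split()
            continue
        if not re.match(r"(order|allow|deny)\b", line, re.I):
            continue  # comment lines and unrelated directives
        if limit:  # Apache counts HEAD as covered by GET; POST is not
            findings.append((n, "<Limit " + " ".join(limit) + "> scopes these rules to the listed methods only"))
            limit = []  # report each <Limit> block once
        if "#" in line:
            findings.append((n, "comment on a directive line; '#' must start the line"))
            line = line.split("#", 1)[0]
        words = line.split()
        if words[0].lower() != "order":
            for value in words[2:]:  # skip the directive name and "from"
                if re.fullmatch(r"[\d./]+", value) and not valid_source(value):
                    findings.append((n, value + " is not a valid IPv4 address or range"))
    return findings

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER))
```

Hostnames and IPv6 addresses in Allow from lines are passed over without validation; only dotted numeric values are checked.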


Enabling SSL Certificate for your domain

The other important security measure that is also worth mentioning is the use of SSL Certificates.

Most site owners have taken this lightly. The SSL Certificate is also one of the best methods that site owners can use to secure their front and back end links.

Not only will it inform your potential clients that your website or web shop is good enough for safe web browsing or to purchase from, but it will also make things difficult for the bad bots as well as for hackers.

And if you can't afford to purchase an SSL Certificate for your site at the moment, you can always opt for a Let's Encrypt SSL Certificate, a free-of-charge certificate offered by many hosting providers nowadays.
