Everyone with a self hosted WordPress site knows the URL (WordPress login page)used to log in to any website. If someone steals your password from somewhere or is able to guess it correctly, they will easily gain access to your WordPress website.
Besides using a good password for your self hosted website and making sure you are running the latest version of WordPress, there are a few extra things you can do to protect your website and all the hard work you’ve been putting in.
Add a Password to the wp-admin folder
You can add a password to this folder because it contains all the important data of your website. In addition to your normal wp-admin log in details, you can also protect the folder from unauthorized access. Amit Agarwal has a detailed step by step procedure on how to do this.
Login With Your WordPress Account
If you use your WordPress account to log in to your self hosted site, then you get all the advantages of the security that WordPress has. First of all, all suspicious log in activities will be documented for you. Then since WordPress has 2 factor authentication, you can use that as an extra layer of security.
Connect your self hosted site to your WordPress account using the Jet pack plugin. Once you confirm that you can successfully log in using the secured WordPress account, you can change the original ‘admin’ account to ‘subscriber’ so that it no longer has access to the dashboard area.
Use 2 Factor Authentication Plugin
The self hosted WordPress core does not have 2 factor authentication. But you can use a plugin like Google Authenticator to implement 2 factor authentication for your WordPress site.
Use Clef Plugin
The Clef plugin is an interesting WordPress plugin that eliminates the need for a user to Enter the password when logging in to WordPress. With the plugin installed on your site and the app installed on your smartphone, the log in process is as simple as waving your phone on your computer screen.
Your phone is basically your password and without the phone, no one can access your site via the wp-admin page or WordPress login page. .