wp-admin is the cockpit of your WordPress. You can control your whole website from the wp-admin area. This is one central area of your website that holds supreme powers. And, hence the desired target.
Now, restricting access and disabling user registration can help secure your wp-admin from hackers. Learn the step-by-step process here.
Restrict Access To wp-admin
Allowing only a select IP can resist hacker’s IP from reaching your website.
Here is how you can restrict others from accessing your website.
Step 1 – Connect to your website through an FTP client
Step 2 – Navigate to public_html directory>wp-admin
Step 3 – Create a .htaccess file there
Step 4 – Paste the following code there and save it-
Order, Deny, Allow
Deny from all
Allow from xx.xx.xx.xx
Edit the “Allow from” line to allow your IP address. For multiple IP whitelisting, repeat the “Allow from” in the next line and so on.
Disable User Registration
Usually, there is a Register link on your WordPress login page. You can disable this Registration form to discourage access to wp-admin.
This will redirect visitors to the standard login form if they try to access the registration form after being shown an error message.
To disable user registration on your WordPress, follow the next steps:
Step 1 – Go to your WP dash>general>settings
Step 2 – Uncheck ‘Anyone can register’ option from there.
Step 3 – Save the changes.
And, you are good to go.