{"id":1013,"date":"2024-08-04T21:02:22","date_gmt":"2024-08-04T14:02:22","guid":{"rendered":"https:\/\/doaction.co.th\/?p=1013"},"modified":"2024-12-11T12:37:44","modified_gmt":"2024-12-11T05:37:44","slug":"hide-wp-login-htpasswd","status":"publish","type":"post","link":"https:\/\/doaction.co.th\/en\/hide-wp-login-htpasswd\/","title":{"rendered":"Enhance Security: Add a Layer by Hiding wp-login for WordPress"},"content":{"rendered":"<p class=\"wp-block-paragraph\">Not hiding the wp-login.php page on a WordPress site when it goes into production is an important security issue. While it is just one of many security measures that should be implemented, hiding the wp-login.php page can help reduce the risk of brute force attacks, which involve trying to guess passwords to gain access. This not only increases the risk of being hacked but can also cause the server to work harder due to continuous password-guessing attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you choose to keep the wp-login.php page accessible, you should set limits on the number of login attempts. If the limit is exceeded, you can configure the system to ban the IP address. This approach is better than having it open without any restrictions, as bots often automatically search for wp-login.php and try to log in. Changing the login URL can make it harder for bots to find the login page, thus enhancing the security of the website.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Recommendations for Preventing Brute Force Attacks from WordPress<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">According to the official recommendations from WordPress on preventing brute force attacks, the following measures are advised:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\" translation-block\"><strong>Change the Login URL:<\/strong> Modify the URL from wp-login.php to avoid direct attacks.<\/li>\n\n\n\n<li class=\" translation-block\"><strong>Use Strong Passwords<\/strong> Create complex passwords that are hard to guess and change them frequently.<\/li>\n\n\n\n<li class=\" translation-block\"><strong>Limit Login Attempts:<\/strong> Use plugins that limit the number of failed login attempts.<\/li>\n\n\n\n<li class=\" translation-block\"><strong>Enable Two-Factor Authentication (2FA):<\/strong> Enhance security by implementing two-factor authentication.<\/li>\n\n\n\n<li class=\" translation-block\"><strong>Block Suspicious IPs<\/strong> Block IPs exhibiting suspicious behavior to prevent attacks.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized rounded\"><img loading=\"lazy\" decoding=\"async\" width=\"955\" height=\"817\" src=\"https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-prompt-3.webp\" alt=\"Prompt Login \u0e08\u0e32\u0e01\u0e01\u0e32\u0e23\u0e40\u0e1b\u0e34\u0e14\u0e43\u0e0a\u0e49 .htpasswd\" class=\"wp-image-1042\" style=\"width:500px\" srcset=\"https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-prompt-3.webp 955w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-prompt-3-300x257.webp 300w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-prompt-3-768x657.webp 768w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-prompt-3-14x12.webp 14w\" sizes=\"auto, (max-width: 955px) 100vw, 955px\" \/><figcaption class=\"wp-element-caption\">Prompt Login \u0e08\u0e32\u0e01\u0e01\u0e32\u0e23\u0e40\u0e1b\u0e34\u0e14\u0e43\u0e0a\u0e49 .htpasswd<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">How to Create a .htpasswd File to Prevent Direct Access to wp-login.php<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">How to hide access to wp-login.php without installing additional plugins, as recommended by WordPress Best Practices. You only need to write a few lines of code. We will create an additional layer to protect access to the login page by using features from AppServe and NGINX.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Every time you access the wp-login.php page, a login prompt will appear, asking you to enter a username and password. If you enter the wrong credentials, you will not be able to access the WordPress login page. To set this up, you need to create a .htpasswd file and modify the .htaccess file together.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The first step is to create a .htpasswd file, which you can learn about by clicking <a href=\"https:\/\/hostingcanada.org\/htpasswd-generator\/\" target=\"_blank\" rel=\"noreferrer noopener\">Check this out<\/a> .<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized is-style-default\"><img loading=\"lazy\" decoding=\"async\" width=\"2101\" height=\"1687\" src=\"https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-gen.webp\" alt=\"\u0e15\u0e31\u0e27\u0e2a\u0e23\u0e49\u0e32\u0e07 .htpasswd\" class=\"wp-image-1052\" style=\"width:700px\" srcset=\"https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-gen.webp 2101w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-gen-300x241.webp 300w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-gen-1024x822.webp 1024w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-gen-768x617.webp 768w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-gen-1536x1233.webp 1536w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-gen-2048x1644.webp 2048w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-gen-15x12.webp 15w\" sizes=\"auto, (max-width: 2101px) 100vw, 2101px\" \/><figcaption class=\"wp-element-caption\">\u0e15\u0e31\u0e27\u0e2a\u0e23\u0e49\u0e32\u0e07 .htpasswd<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Enter the username and password for authentication used in the Prompt Login. Then, select Bcrypt (Apache v2.4 onwards) and click the Create .htpasswd file button. You will receive a text string that looks like the following:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">demo:$2y$10$mHPbKdzE4up1TsWmaKurCeJQmPMeMeIiMHc7hQL5jJ64PbA1mAOIu<\/pre>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"1024\" src=\"https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-htpasswd-1000x1024.webp\" alt=\"directory \u0e17\u0e35\u0e48\u0e19\u0e33\u0e44\u0e1b\u0e27\u0e32\u0e07 .htpasswd\" class=\"wp-image-1056\" style=\"width:500px\" srcset=\"https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-htpasswd-1000x1024.webp 1000w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-htpasswd-293x300.webp 293w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-htpasswd-768x787.webp 768w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-htpasswd-12x12.webp 12w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-htpasswd.webp 1150w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption class=\"wp-element-caption\">directory \u0e17\u0e35\u0e48\u0e19\u0e33\u0e44\u0e1b\u0e27\u0e32\u0e07 .htpasswd<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1436\" height=\"284\" src=\"https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-htpasswd-txt.webp\" alt=\"\" class=\"wp-image-1081\" style=\"width:684px;height:auto\" srcset=\"https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-htpasswd-txt.webp 1436w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-htpasswd-txt-300x59.webp 300w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-htpasswd-txt-1024x203.webp 1024w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-htpasswd-txt-768x152.webp 768w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/07\/wplogin-htpasswd-txt-18x4.webp 18w\" sizes=\"auto, (max-width: 1436px) 100vw, 1436px\" \/><figcaption class=\"wp-element-caption\">\u0e27\u0e32\u0e07 generate text \u0e17\u0e35\u0e48\u0e44\u0e1f\u0e25\u0e4c<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Create a .htpasswd file in the root directory of your host. This is the same location as the .htaccess file that WordPress initially creates. Then, insert the text string generated earlier into the .htpasswd file and proceed to the next step.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Modify the .htaccess File to Set Conditions for Prompt Login Before Accessing wp-login.php<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">If your server uses Apache, place the following code at the top of the .htaccess file. The  tag specifies that anyone accessing this URL must log in first.<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u0e40\u0e23\u0e34\u0e48\u0e21\u0e01\u0e32\u0e23\u0e15\u0e31\u0e49\u0e07\u0e04\u0e48\u0e32\u0e01\u0e32\u0e23\u0e1b\u0e49\u0e2d\u0e07\u0e01\u0e31\u0e19\u0e44\u0e1f\u0e25\u0e4c wp-login.php\n&lt;Files wp-login.php>\n    # \u0e23\u0e30\u0e1a\u0e38\u0e44\u0e1f\u0e25\u0e4c\u0e17\u0e35\u0e48\u0e40\u0e01\u0e47\u0e1a\u0e02\u0e49\u0e2d\u0e21\u0e39\u0e25\u0e1c\u0e39\u0e49\u0e43\u0e0a\u0e49\u0e41\u0e25\u0e30\u0e23\u0e2b\u0e31\u0e2a\u0e1c\u0e48\u0e32\u0e19\n    AuthUserFile ~\/.htpasswd\n    \n    # \u0e23\u0e30\u0e1a\u0e38\u0e0a\u0e37\u0e48\u0e2d\u0e17\u0e35\u0e48\u0e08\u0e30\u0e41\u0e2a\u0e14\u0e07\u0e40\u0e21\u0e37\u0e48\u0e2d\u0e02\u0e2d\u0e43\u0e2b\u0e49\u0e1c\u0e39\u0e49\u0e43\u0e0a\u0e49\u0e43\u0e2a\u0e48\u0e02\u0e49\u0e2d\u0e21\u0e39\u0e25\u0e01\u0e32\u0e23\u0e40\u0e02\u0e49\u0e32\u0e2a\u0e39\u0e48\u0e23\u0e30\u0e1a\u0e1a\n    AuthName \"Private access\"\n    \n    # \u0e01\u0e33\u0e2b\u0e19\u0e14\u0e1b\u0e23\u0e30\u0e40\u0e20\u0e17\u0e01\u0e32\u0e23\u0e22\u0e37\u0e19\u0e22\u0e31\u0e19\u0e15\u0e31\u0e27\u0e15\u0e19\u0e40\u0e1b\u0e47\u0e19 Basic\n    AuthType Basic\n    \n    # \u0e23\u0e30\u0e1a\u0e38\u0e0a\u0e37\u0e48\u0e2d\u0e1c\u0e39\u0e49\u0e43\u0e0a\u0e49\u0e17\u0e35\u0e48\u0e44\u0e14\u0e49\u0e23\u0e31\u0e1a\u0e2d\u0e19\u0e38\u0e0d\u0e32\u0e15\u0e43\u0e2b\u0e49\u0e40\u0e02\u0e49\u0e32\u0e16\u0e36\u0e07\u0e44\u0e1f\u0e25\u0e4c wp-login.php\n    # demo = user \u0e17\u0e35\u0e48\u0e40\u0e23\u0e32\u0e2a\u0e23\u0e49\u0e32\u0e07\u0e02\u0e36\u0e49\u0e19\u0e21\u0e32\n    require user demo\n&lt;\/Files><\/pre>\n\n\n\n<p class=\"has-text-align-left has-small-font-size wp-block-paragraph\">.htaccess<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For NGINX, place the code below in nginx.conf instead, which will function the same way.<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">location \/wp-login.php {\n    auth_basic \"Private access\";         # \u0e02\u0e49\u0e2d\u0e04\u0e27\u0e32\u0e21\u0e17\u0e35\u0e48\u0e08\u0e30\u0e41\u0e2a\u0e14\u0e07\u0e43\u0e19\u0e01\u0e25\u0e48\u0e2d\u0e07\u0e01\u0e32\u0e23\u0e22\u0e37\u0e19\u0e22\u0e31\u0e19\u0e15\u0e31\u0e27\u0e15\u0e19\n    auth_basic_user_file .htpasswd;      # \u0e44\u0e1f\u0e25\u0e4c\u0e17\u0e35\u0e48\u0e40\u0e01\u0e47\u0e1a\u0e02\u0e49\u0e2d\u0e21\u0e39\u0e25\u0e0a\u0e37\u0e48\u0e2d\u0e1c\u0e39\u0e49\u0e43\u0e0a\u0e49\u0e41\u0e25\u0e30\u0e23\u0e2b\u0e31\u0e2a\u0e1c\u0e48\u0e32\u0e19\n}<\/pre>\n\n\n\n<p class=\"has-small-font-size wp-block-paragraph\">nginx.conf<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A common issue is that .htaccess does not find the .htpasswd file. This depends on the server configuration. In some cases, using . (a dot for the current directory where .htaccess is located) will suffice, while in others, you may need to provide the absolute path to the file. If you\u2019re unsure of the absolute path, you can contact your server provider for assistance.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">After placing the .htpasswd file and modifying the .htaccess file, when attempting to access the backend by typing \/wp-login.php directly or navigating to \/wp-admin, the system will redirect to wp-login.php, where a login prompt will appear. If the username and password are entered incorrectly, access to the WordPress login page will be denied. This acts as an additional layer of protection.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"552\" src=\"https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/08\/Demo-prompt.webp\" alt=\"\" class=\"wp-image-1100\" style=\"width:640px\" srcset=\"https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/08\/Demo-prompt.webp 800w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/08\/Demo-prompt-300x207.webp 300w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/08\/Demo-prompt-768x530.webp 768w, https:\/\/doaction.co.th\/wp-content\/uploads\/2024\/08\/Demo-prompt-18x12.webp 18w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">The login prompt doesn\u2019t protect against brute force attacks 100%. Some providers install Fail2Ban to enhance the system\u2019s security. Fail2Ban monitors and blocks IPs that repeatedly attempt to attack or fail to log in, reducing the likelihood of successful brute force attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Preventing brute force attacks is just one method to secure WordPress, but there are many other ways. If you\u2019re interested, you can read more details <a href=\"https:\/\/developer.wordpress.org\/advanced-administration\/security\/\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>\u0e01\u0e32\u0e23\u0e44\u0e21\u0e48\u0e0b\u0e48\u0e2d\u0e19\u0e2b\u0e19\u0e49\u0e32 wp-login.php \u0e43\u0e19\u0e40\u0e27\u0e47\u0e1a\u0e44\u0e0b\u0e15\u0e4c WordPress \u0e1a\u0e19 Production \u0e40\u0e1b\u0e47\u0e19\u0e1b\u0e23\u0e30\u0e40\u0e14\u0e47\u0e19\u0e17\u0e35\u0e48\u0e2a\u0e33\u0e04\u0e31\u0e0d\u0e43\u0e19\u0e14\u0e49\u0e32\u0e19\u0e04\u0e27\u0e32\u0e21\u0e1b\u0e25\u0e2d\u0e14\u0e20\u0e31\u0e22 \u0e41\u0e21\u0e49\u0e27\u0e48\u0e32\u0e08\u0e30\u0e40\u0e1b\u0e47\u0e19\u0e40\u0e1e\u0e35\u0e22\u0e07\u0e2b\u0e19\u0e36\u0e48\u0e07\u0e43\u0e19\u0e2b\u0e25\u0e32\u0e22 \u0e46 \u0e21\u0e32\u0e15\u0e23\u0e01\u0e32\u0e23\u0e17\u0e35\u0e48\u0e04\u0e27\u0e23\u0e19\u0e33\u0e21\u0e32\u0e1b\u0e0f\u0e34\u0e1a\u0e31\u0e15\u0e34 \u0e01\u0e32\u0e23\u0e0b\u0e48\u0e2d\u0e19\u0e2b\u0e19\u0e49\u0e32 wp-login.php \u0e2a\u0e32\u0e21\u0e32\u0e23\u0e16\u0e0a\u0e48\u0e27\u0e22\u0e25\u0e14\u0e04\u0e27\u0e32\u0e21\u0e40\u0e2a\u0e35\u0e48\u0e22\u0e07\u0e08\u0e32\u0e01\u0e01\u0e32\u0e23\u0e42\u0e08\u0e21\u0e15\u0e35\u0e41\u0e1a\u0e1a Brute Force \u0e0b\u0e36\u0e48\u0e07\u0e40\u0e1b\u0e47\u0e19\u0e01\u0e32\u0e23\u0e1e\u0e22\u0e32\u0e22\u0e32\u0e21\u0e2a\u0e38\u0e48\u0e21\u0e23\u0e2b\u0e31\u0e2a\u0e1c\u0e48\u0e32\u0e19\u0e40\u0e1e\u0e37\u0e48\u0e2d\u0e40\u0e02\u0e49\u0e32\u0e2a\u0e39\u0e48\u0e23\u0e30\u0e1a\u0e1a \u0e19\u0e2d\u0e01\u0e08\u0e32\u0e01\u0e08\u0e30\u0e40\u0e1e\u0e34\u0e48\u0e21\u0e04\u0e27\u0e32\u0e21\u0e40\u0e2a\u0e35\u0e48\u0e22\u0e07\u0e15\u0e48\u0e2d\u0e01\u0e32\u0e23\u0e16\u0e39\u0e01\u0e41\u0e2e\u0e01\u0e41\u0e25\u0e49\u0e27 \u0e22\u0e31\u0e07\u0e2d\u0e32\u0e08\u0e17\u0e33\u0e43\u0e2b\u0e49\u0e40\u0e0b\u0e34\u0e23\u0e4c\u0e1f\u0e40\u0e27\u0e2d\u0e23\u0e4c\u0e17\u0e33\u0e07\u0e32\u0e19\u0e2b\u0e19\u0e31\u0e01\u0e02\u0e36\u0e49\u0e19\u0e08\u0e32\u0e01\u0e01\u0e32\u0e23\u0e42\u0e08\u0e21\u0e15\u0e35\u0e14\u0e49\u0e27\u0e22\u0e01\u0e32\u0e23\u0e2a\u0e38\u0e48\u0e21\u0e23\u0e2b\u0e31\u0e2a\u0e1c\u0e48\u0e32\u0e19\u0e2d\u0e22\u0e48\u0e32\u0e07\u0e15\u0e48\u0e2d\u0e40\u0e19\u0e37\u0e48\u0e2d\u0e07 \u0e2b\u0e32\u0e01\u0e15\u0e49\u0e2d\u0e07\u0e01\u0e32\u0e23\u0e40\u0e1b\u0e34\u0e14\u0e2b\u0e19\u0e49\u0e32 wp-login.php \u0e40\u0e2d\u0e32\u0e44\u0e27\u0e49\u0e01\u0e47\u0e2a\u0e32\u0e21\u0e32\u0e23\u0e16\u0e17\u0e33\u0e44\u0e14\u0e49 \u0e41\u0e15\u0e48\u0e04\u0e27\u0e23\u0e21\u0e35\u0e01\u0e32\u0e23\u0e15\u0e31\u0e49\u0e07\u0e04\u0e48\u0e32\u0e08\u0e33\u0e01\u0e31\u0e14\u0e08\u0e33\u0e19\u0e27\u0e19\u0e04\u0e23\u0e31\u0e49\u0e07\u0e43\u0e19\u0e01\u0e32\u0e23\u0e1e\u0e22\u0e32\u0e22\u0e32\u0e21\u0e40\u0e02\u0e49\u0e32\u0e2a\u0e39\u0e48\u0e23\u0e30\u0e1a\u0e1a \u0e41\u0e25\u0e30\u0e2b\u0e32\u0e01\u0e40\u0e01\u0e34\u0e19\u0e08\u0e33\u0e19\u0e27\u0e19\u0e17\u0e35\u0e48\u0e01\u0e33\u0e2b\u0e19\u0e14\u0e01\u0e47\u0e2a\u0e32\u0e21\u0e32\u0e23\u0e16\u0e15\u0e31\u0e49\u0e07\u0e04\u0e48\u0e32\u0e43\u0e2b\u0e49\u0e41\u0e1a\u0e19 IP \u0e44\u0e14\u0e49 \u0e27\u0e34\u0e18\u0e35\u0e19\u0e35\u0e49\u0e14\u0e35\u0e01\u0e27\u0e48\u0e32\u0e01\u0e32\u0e23\u0e40\u0e1b\u0e34\u0e14\u0e44\u0e27\u0e49\u0e42\u0e14\u0e22\u0e44\u0e21\u0e48\u0e21\u0e35\u0e01\u0e32\u0e23\u0e08\u0e33\u0e01\u0e31\u0e14\u0e2d\u0e30\u0e44\u0e23\u0e40\u0e25\u0e22 \u0e40\u0e19\u0e37\u0e48\u0e2d\u0e07\u0e08\u0e32\u0e01 bot \u0e21\u0e31\u0e01\u0e08\u0e30\u0e27\u0e34\u0e48\u0e07\u0e2b\u0e32 wp-login.php \u0e42\u0e14\u0e22\u0e2d\u0e31\u0e15\u0e42\u0e19\u0e21\u0e31\u0e15\u0e34\u0e41\u0e25\u0e30\u0e1e\u0e22\u0e32\u0e22\u0e32\u0e21\u0e40\u0e02\u0e49\u0e32\u0e2a\u0e39\u0e48\u0e23\u0e30\u0e1a\u0e1a \u0e2b\u0e32\u0e01\u0e40\u0e23\u0e32\u0e40\u0e1b\u0e25\u0e35\u0e48\u0e22\u0e19 URL \u0e02\u0e2d\u0e07\u0e2b\u0e19\u0e49\u0e32\u0e25\u0e47\u0e2d\u0e01\u0e2d\u0e34\u0e19 \u0e01\u0e47\u0e08\u0e30\u0e0a\u0e48\u0e27\u0e22\u0e16\u0e48\u0e27\u0e07\u0e40\u0e27\u0e25\u0e32\u0e43\u0e2b\u0e49 bot \u0e2b\u0e32\u0e2b\u0e19\u0e49\u0e32\u0e25\u0e47\u0e2d\u0e01\u0e2d\u0e34\u0e19\u0e44\u0e14\u0e49\u0e22\u0e32\u0e01\u0e02\u0e36\u0e49\u0e19 \u0e0b\u0e36\u0e48\u0e07\u0e0a\u0e48\u0e27\u0e22\u0e40\u0e1e\u0e34\u0e48\u0e21\u0e04\u0e27\u0e32\u0e21\u0e1b\u0e25\u0e2d\u0e14\u0e20\u0e31\u0e22\u0e43\u0e2b\u0e49\u0e01\u0e31\u0e1a\u0e40\u0e27\u0e47\u0e1a\u0e44\u0e0b\u0e15\u0e4c\u0e44\u0e14\u0e49\u0e21\u0e32\u0e01\u0e02\u0e36\u0e49\u0e19 \u0e04\u0e33\u0e41\u0e19\u0e30\u0e19\u0e33\u0e40\u0e23\u0e37\u0e48\u0e2d\u0e07\u0e01\u0e32\u0e23\u0e1b\u0e49\u0e2d\u0e07\u0e01\u0e31\u0e19 Brute Force \u0e08\u0e32\u0e01 WordPress \u0e42\u0e14\u0e22\u0e15\u0e32\u0e21\u0e04\u0e33\u0e41\u0e19\u0e30\u0e19\u0e33\u0e40\u0e1b\u0e47\u0e19\u0e17\u0e32\u0e07\u0e01\u0e32\u0e23\u0e02\u0e2d\u0e07 WordPress \u0e40\u0e23\u0e37\u0e48\u0e2d\u0e07\u0e01\u0e32\u0e23\u0e1b\u0e49\u0e2d\u0e07\u0e01\u0e31\u0e19 Brute Force \u0e41\u0e19\u0e30\u0e19\u0e33\u0e43\u0e2b\u0e49\u0e17\u0e31\u0e49\u0e07\u0e2b\u0e21\u0e14\u0e14\u0e31\u0e07\u0e19\u0e35\u0e49 \u0e27\u0e34\u0e18\u0e35\u0e01\u0e32\u0e23\u0e2a\u0e23\u0e49\u0e32\u0e07 .htpasswd \u0e40\u0e1e\u0e37\u0e48\u0e2d\u0e1b\u0e49\u0e2d\u0e07\u0e01\u0e31\u0e19\u0e01\u0e32\u0e23\u0e40\u0e02\u0e49\u0e32\u0e16\u0e36\u0e07 wp-login \u0e42\u0e14\u0e22\u0e15\u0e23\u0e07 \u0e27\u0e34\u0e18\u0e35\u0e01\u0e32\u0e23\u0e0b\u0e48\u0e2d\u0e19\u0e01\u0e32\u0e23\u0e40\u0e02\u0e49\u0e32\u0e16\u0e36\u0e07 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1116,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gspb_post_css":"","inline_featured_image":false,"footnotes":""},"categories":[43],"tags":[71,72,70,49],"class_list":["post-1013","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledge","tag-layer","tag-login","tag-security","tag-wordpress"],"acf":{"eng_thumbnail":1116,"eng_title":"Enhance Security: Add a Layer by Hiding wp-login for WordPress","eng_description":"Not hiding the wp-login.php page on a WordPress site when it goes into production is an important security issue. While it is just one of many security measures that should be implemented, hiding the wp-login.php page can help reduce the risk of brute force attacks, which involve trying to guess passwords to gain access. This not only increases the risk of being hacked but can also cause the server to work harder due to continuous password-guessing attacks."},"_links":{"self":[{"href":"https:\/\/doaction.co.th\/en\/wp-json\/wp\/v2\/posts\/1013","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/doaction.co.th\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/doaction.co.th\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/doaction.co.th\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/doaction.co.th\/en\/wp-json\/wp\/v2\/comments?post=1013"}],"version-history":[{"count":3,"href":"https:\/\/doaction.co.th\/en\/wp-json\/wp\/v2\/posts\/1013\/revisions"}],"predecessor-version":[{"id":1485,"href":"https:\/\/doaction.co.th\/en\/wp-json\/wp\/v2\/posts\/1013\/revisions\/1485"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/doaction.co.th\/en\/wp-json\/wp\/v2\/media\/1116"}],"wp:attachment":[{"href":"https:\/\/doaction.co.th\/en\/wp-json\/wp\/v2\/media?parent=1013"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/doaction.co.th\/en\/wp-json\/wp\/v2\/categories?post=1013"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/doaction.co.th\/en\/wp-json\/wp\/v2\/tags?post=1013"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}