How to Secure Your Local Government Login Page

If your local government website is powered by WordPress, then many people already know how to get to your login page. Knowing where the login page is can be the first step toward having your city’s website hacked. Following this tutorial to secure your website’s login page can make it harder for hackers to break in.

Our Login Tests

We looked at a handful of surrounding towns in Illinois that are using WordPress to run their municipality, and from those selected we were able to get to every login page. If we knew more about unethical hacking, then we could be inclined to try and hack our way into each town’s website. Since we don’t and we’re ethical, we didn’t try — not to mention it is somewhat illegal.

How to Secure Your Login Page

By adding a few lines of code to the .htaccess file and one file to your server, we can add an additional login before the standard WordPress login page and prevent brute force attacks.

  1. Ensure that you can see hidden files on your server
  2. Create a file called .wpadminlogin and place it at /home/<user>/.wpadminlogin
  3. Visit http://www.htaccesstools.com/htpasswd-generator/
  4. Enter a username and password for your .htaccess login
  5. Click the create .htpasswd file button and copy the code that was generated
  6. Open .wpadminlogin, paste the code and save the file
  7. Create or open your .htaccess file and enter the following code
     
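    ErrorDocument 401 "Login Unavailable"
    ErrorDocument 403 "Forbidden"
     
    # Ask for an HTTP Basic login before wp-login.php is served
    <FilesMatch "wp-login.php">
    AuthName "Authorized Only"
    AuthType Basic
    # Password file from step 2; replace user_name with your account name
    AuthUserFile /home/user_name/.wpadminlogin
    Require valid-user
    </FilesMatch>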

  8. Save and test by trying to visit the login page.

You should now be prompted to enter the username and password you created in step 4. If you are not seeing the additional login, try clearing your cache or try another browser.
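A check for the rules from step 7, added here as an example and not part of the original tutorial: it parses the .htaccess text and reports a missing directive or a password file that sits inside the web root, where it could be fetched by URL. The function name `audit_login_gate`, the account name `cityweb` and the `public_html` web root are assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the step 7 rules for a hypothetical account "cityweb".
SAMPLE_HTACCESS = """\
ErrorDocument 401 "Login Unavailable"
<FilesMatch "wp-login.php">
AuthName "Authorized Only"
AuthType Basic
AuthUserFile /home/cityweb/.wpadminlogin
Require valid-user
</FilesMatch>
"""

def audit_login_gate(htaccess_text, docroot):
    """Return a list of problems with the Basic auth gate on wp-login.php."""
    section = re.search(
        r'<(Files(?:Match)?)\s+"?[^">]*wp-login[^">]*"?\s*>(.*?)</\1\s*>',
        htaccess_text, re.S | re.I)
    if not section:
        return ["no <Files>/<FilesMatch> section covers wp-login.php"]
    directives = {}
    for line in section.group(2).splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            directives[parts[0].lower()] = parts[1].strip().strip('"')
    findings = []
    if directives.get("authtype", "").lower() != "basic":
        findings.append("AuthType Basic is missing")
    if directives.get("require", "").lower() != "valid-user":
        findings.append("Require valid-user is missing")
    user_file = directives.get("authuserfile")
    if not user_file:
        findings.append("AuthUserFile is missing")
    elif not PurePosixPath(user_file).is_absolute():
        findings.append("AuthUserFile is relative; Apache resolves it against ServerRoot")
    elif PurePosixPath(docroot) in PurePosixPath(user_file).parents:
        # A file under the web root may be downloadable by URL, hashes included.
        findings.append("AuthUserFile is inside the web root")
    return findings

if __name__ == "__main__":
    print(audit_login_gate(SAMPLE_HTACCESS, "/home/cityweb/public_html") or "OK")
```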

Questions?

Feel free to contact us if you have any questions, concerns or issues.
