I’ve mentioned before that Incapsula is a part of my security toolkit with my WordPress sites, but it’s now even better.
Incapsula now has a feature called Login Protect, which is available even to those with free accounts. Login Protect adds another layer of security called one-factor authentication when you log into WordPress (obviously), which is a bit of an irritation when you just want to get something posted, but it forces anyone wishing to gain illicit access to your site to hack your e-mail, too, to do so.
You can set up Login Protect by basically just turning it on in your Incapsula control panel and supplying a little information. However, for full security, there are two additional settings you can specify.
- Protect admin area: “URL Starts with”, “/wp-admin”.
- Protect WP login page: “URL is”, “/wp-login.php”.