Assuming a theme is properly secured, how save is the WordPress admin?

If someone has managed to access the admin area by making it look like they are someone else, isn’t it all over anyway?

This to me is more part of your exclusions as this is the main way anyone gains access through WordPress… So not really, if you have a backup, just drop the Database, upload your backup and change the passwords – then perhaps look into additional security. A good plan is to not name the admin as admin for example (doing this on one site prevented a lot of spam attempted logins for me with people attempting to guess the password)

How likely is it that someone unwanted infiltrates the WordPress admin area?

This depends on your set up really, what security plugins you have, or if you’ve manually set up any restricted access such as IP blocking for certain files. The more you put in the more they’ve got to deal with. Most of these are risk reduction techniques which help to prevent brute force, etc.

The only other thing I can think of is to keep your web server maintained, secure and up to date so that users cannot use vulnerability loopholes to gain access to your servers.

WordPress accept security reports so as a community the more that is brought to their attention, in theory, the more secure WordPress will become. To be honest, unless your website is popular, and getting regular spam, hits, etc, you’re probably not going to be worth a hackers time.

Related Posts:

  1. wp_verify_nonce vs check_admin_referer
  2. How does admin-ajax.php work?
  3. Securing Admin Accounts – Username Discovery
  4. Don’t attribute content to admin users
  5. WordPress ACL (folder + permissions)
  6. using rewrites to secure login page
  7. How do I diagnose a plugin resource 404?
  8. WordPress Brute Force Prevention
  9. Changing admin user id for database
  10. WordPress custom admin functions security
  11. Does deleting the table users prevent all logins?
  12. Why does my admin email address keep changing to something random?
  13. Where to store publicly-accessible files
  14. how to know if admin is in edit page or post [duplicate]
  15. How to remove entire admin menu?
  16. How can I target WordPress 3.8 new interface MP6 with CSS?
  17. initial sort order for a sortable custom column in admin
  18. Read only capability for custom post in admin area
  19. How can ‘admin_email’ be set?
  20. How to change WordPress default strings?
  21. Remove ability to access certain admin menus
  22. Gutenberg “Add Block” button is not active (greyed out), cannot add new blocks
  23. How To View Site from Non-Logged-In User’s Perspective
  24. Daily notices of failed login attempts for non-existent admin user
  25. Reorder plugin items in the admin menu
  26. Wrong url in sortable column headers & pagination in the admin, when behind a proxy
  27. Reference external file as a function
  28. Is it possible to hook AJAX to UPDATE-button?
  29. Get email address of type Administrator
  30. Check if user is logged in else login page
  31. Which hook for processing plugin page form data?
  32. Calling a shortcode in the backend
  33. Add tabbed menu to admin page
  34. WYSIWYG – Getting the “link” button from HTML mode in Visual mode
  35. Error thrown. Cannot create references to/from string offsets
  36. How to receive security update notification email?
  37. Include admins in author drop-down on edit post screen
  38. How can I restore admin capabilities?
  39. Adding another “Add Post” button to admin
  40. Admin page redirect to another admin page
  41. How to solve 500 Error on WordPress Admin Dashboard due to time-out on getdirsize
  42. Enabling users to replace site title (text) with a image logo (but keeping the text if there isn’t any image)?
  43. WordPress How to begin editing from admin page (please see picture)
  44. WordPress as a web app – always auto-save post and meta data
  45. Determining whether it’s a AJAX call from front-end or from back-end
  46. Disable the “Skip to Toolbar” tabbing accessibility feature
  47. Custom Thickbox Broken on Dashboard Page?
  48. Categorizing Page Templates
  49. Super slow admin panel
  50. Save author posts as in pending review – block users updating their posts
  51. POMO_Reader->substr() call endless loop?
  52. jQuery UI AutoComplete & wp_enqueue_script
  53. Are there mutiple ways to get usernames (as a hacker)
  54. Add custom button next to native “Apply” button in the edit-tag screen
  55. Enqueue and Dequeue from admin bar nodes
  56. How to enqueue admin content outside admincp
  57. admin_enqueue_scripts the same css file as wp_enqueue_style
  58. How do I correctly transfer my site from one domain to another?
  59. Unable to get to the admin panel
  60. Where can I store common cross-site text (e.g. headings, titles etc.)
  61. get_current_screen and the WP_Screen class
  62. How to find a spam link?
  63. Is there alternative to WP_List_Table?
  64. How to change all “Post” texts in dahboard into “Article”?
  65. How to modify admin headers
  66. Directly editing content on webpage, is it possible?
  67. Admin user lacks admin permissions after hack and can’t reinstate
  68. “sufficient permissions” error for admin after duplicating WP database to new install
  69. Posts in sidebar only by admin
  70. How to remove the default checked attribute from inputs in admin?
  71. I can’t enter the control panel of my wordpress site after channing the URL to https://
  72. Admin user column sort by numeric meta key
  73. Shop in Subdomain feeding main domain order in admin area
  74. Error 404 Display on otherlinks apart from homepage
  75. I can’t access login page
  76. Admin Access for specific page(s)
  77. Get Link of Page Selected through a Select Field in Custom Admin Page
  78. Sortable admin columns by 0.00 number
  79. WordPress Admin Thickbox: Remove Margins/Padding
  80. how to disable the e-mail verification on wp-admin/options-general.php multisite admin e-mail
  81. How to change the title attribute for the WP logo image on wp-login.php
  82. WordPress Admin Email
  83. conditionally update css on edit.php
  84. Simple CSS admin pagination
  85. Can I show the tag admin interface on a post when logged in as an admin?
  86. WordPress “Hide WP” Gives Me Error After Admin Login [closed]
  87. Editing post in admin panel
  88. Making a custom upload form and page in the admin section
  89. site admin for subscribers
  90. Customise the add media pop-up to include rel attribute option
  91. Custom Div with links on Admin Bar
  92. WordPress admin loads erratically “connection reset by peer”
  93. How to fix broken admin Thickbox?
  94. New User Notification – Setting Email
  95. Can’t access my wp admin: captcha images invisible, gives me error message
  96. Pull Random Images From Options Page [closed]
  97. Woo Commerce Settings for Check-out Form [closed]
  98. Add custom css class to wp-list-table row for custom post type
  99. Custom column with post ID not working in CPT
  100. Modify ‘the_content’ appearance in the admin area