Friday, 21 July 2017

How to Password Protect Your WordPress Admin (wp-admin) Directory

Each and every WordPress users know the login page that is www.wpsite.com/wp-admin. First thing hackers try on these WordPress site is to access your site through wp-login page.

WordPress websites and blogs are prone to Brute Force attacks and a recommended way to prevent your site against such attacks is to protect your wp-admin folder with a password. In this article, we will show you a step by step guide on how to password protect your WordPress admin (wp-admin) directory.

To keep things easy and simple, we will only cover cPanel web hosting companies here just because cPanel has an easy enough interface to add password protected directories.

Using cPanel Directory Privacy -

Login to your cPanel. Scroll down till you see the Security Tab. Click on the “Directory Privacy” icon.

When you click on that, you will be taken to another page asking directory location. Just click on web root. Once you are there, navigate to the folder where your WordPress is hosted. Then click on the /wp-admin/ folder. You will see a screen like this:

Now next you will be taken to another page, which will look somewhat like the image below. We are setting permission for /home/xyz/public_html/wordpress-installation/wp-admin. Now simply check the box Password Protect this directory then give a name and click on save.

Now we need to create a user for accessing the Directory. Type your desired username and password.
Pro Tip: Use Password Generator to Generate Password.

Manual Method -

First create a .htpasswds file. You can do so easily by using this generator. Upload this file outside your /public_html/ directory. You can upload this anywhere but outside public_html, the location we will use for this tutorial is
home/user/.htpasswds/public_html/wp-admin/passwd/
Then, create a .htaccess file and upload it in /wp-admin/ directory. Then add the following codes in there:
AuthName "Admins Only"
AuthUserFile /home/directory/.htpasswds/public_html/wp-admin/passwd //Replace with your location of .htpasswds
AuthGroupFile /dev/null
AuthType basic
require user usernamehere //Replace with your username
You must update your username in there. Also don’t forget to update the AuthUserFile location path.

If you have any issues regarding this tutorial or if you get stuck somewhere then comment below or you can also contact me using this page.
Source for Code
Click to load Comments

0 comments