How to Password Protect the WordPress Admin Directory

The wp-admin directory is an essential directory for every WordPress site. It has all the necessary files which make WordPress run. Security is a major concern for every blogger, and while securing a blog, bloggers try every way they can to provide the best security.

Securing WordPress also involves protecting the wp-admin directory. As a blogger, you must know that once a hacker gains access to your WordPress dashboard, it is game over. So adding an extra layer of security is always best.

In this guide, I will show you how to secure and password protect the WordPress admin directory and wp-login.php from invalid login attempts.

Protecting the WordPress admin directory is an easy way to add additional protection against bots and hackers. To set up this protection, follow the steps below:

  1. Login to cPanel.
  2. Click Directory Privacy under Files.

  3. Go to the public_html directory.
  4. Click the text of wp-admin.

  5. Click the checkbox next to Password protect this directory.
  6. Enter a phrase such as Protected in the Name for the protected directory.
  7. Now create a new username and password. This will be the same username and password you will have to use when you visit
    Use the password generator option to create a strong password.
  8. Click the Save button.
  9. Now, go back to the main cPanel page.
  10. Open File Manager. Make sure you have selected Show Hidden Files in the pop-up.
  11. Navigate to the wp-admin folder.
  12. Right-click the .htaccess file, click Code Edit, and then click Edit in the pop-up.
  13. Now, add the following code at the bottom of the file wp-admin/.htaccess

    ErrorDocument 401 "Denied"
    ErrorDocument 403 "Denied"
    AuthType Basic
    AuthName "Protected"
    AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
    require valid-user
  14. Now click the Save Changes button at the top.

This code allows WordPress to recognize this additional password protection.

This will password protect your complete wp-admin directory. Still, one can easily get access using the wp-login.php file, so to password protect it, add the following code to the root .htaccess file.

    ErrorDocument 401 "Denied"
    ErrorDocument 403 "Denied"

    # Require the same Basic auth credentials for the login page
    <FilesMatch "wp-login.php">
    AuthType Basic
    AuthName "Protected"
    AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
    require valid-user
    </FilesMatch>

If your theme or plugin needs the admin-ajax.php file to work, add the following code to the .htaccess file in the wp-admin directory.

    # Allow plugin/theme access to admin-ajax.php
    <Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
    </Files>

You are now all set with an additional layer of security for your blog. Now, when someone tries to log in or access the dashboard of your WordPress site/blog, he/she will get an authentication required error.
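To confirm the rules above behave as intended after saving them, the following check (an added example, not part of the original tutorial) requests the three paths without credentials and reports any that do not respond as expected. The site URL and the function names are assumptions chosen for illustration.

```python
import sys
import urllib.error
import urllib.request

# Paths from the tutorial -> must an anonymous request get a Basic challenge?
EXPECTED = {
    "/wp-admin/": True,
    "/wp-login.php": True,
    "/wp-admin/admin-ajax.php": False,  # exempted so plugins/themes keep working
}

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects: an unprotected /wp-admin/ redirects to
    wp-login.php, and following it would hide the missing protection."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def http_fetch(url):
    """Anonymous GET; returns (status, WWW-Authenticate header value)."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate", "")
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx responses arrive here
        return err.code, err.headers.get("WWW-Authenticate", "")

def audit(base_url, fetcher=http_fetch):
    """Return a list of findings; an empty list means the rules work."""
    findings = []
    for path, must_challenge in EXPECTED.items():
        status, challenge = fetcher(base_url.rstrip("/") + path)
        challenged = status == 401 and challenge.lower().startswith("basic")
        if must_challenge and not challenged:
            findings.append(f"{path}: expected 401 Basic challenge, got {status}")
        elif not must_challenge and status in (401, 403):
            findings.append(f"{path}: blocked with {status}, AJAX calls will fail")
    return findings

if __name__ == "__main__":
    # Usage: python check_wp_auth.py https://blog.example  (hypothetical URL)
    problems = audit(sys.argv[1])
    print("\n".join(problems) or "OK: wp-admin and wp-login.php are protected")
    sys.exit(1 if problems else 0)
```

Run it once after editing each .htaccess file; a finding for wp-login.php usually means the root .htaccess block was not saved or was left unclosed.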

Is this tutorial helpful for you? Let me know in the comments section below if you faced any issues.

Amit Malewar
Amit Malewar has been a tutorial writer since 2013. His passion for helping people in all aspects of technology flows through in the expert coverage he provides. In addition to writing for InfoPhilic, Amit loves to read and try new things.

