How to Password Protects WordPress Admin Directory

WP Admin Directory is an essential directory for every WordPress sites. It has all the necessary files which make WordPress run. Security is a major concern for every blogger. While securing the blog, bloggers do not leave a single way through which they can provide security their best.

Securing WordPress also involves protecting WP-admin directory. As a blogger, you must know that once a hacker gains access to your WordPress dashboard, it is game over. So adding an extra layer of security is always best.

In this guide, I will show you how to secure and password protects WordPress Admin directory and wp-login.php from invalid login attempts.

Protecting WordPress Admin directory is an easy way to add additional protection against bots and hackers. To complete this protection, follow the below steps:

  1. Login to cPanel.
  2. Click Directory Privacy under Files.

    Directory Privacy
    Directory Privacy
  3. Go to public_html directory
  4. Click the text of wp-admin.

    password-protect wp-admin
    password-protect wp-admin
  5. Click the checkbox next to Password protect this directory.
  6. Enter a phrase such as Protected in the Name for the protected directory.
  7. Now create a new username and password. This will the same username and password you will have to use when you visit yourdomain.com/wp-admin/.
    Use password generator option to create a strong password.
  8. Click Save button.
  9. Now, go back to the main cPanel page.
  10. Open file manager. Make sure you have selected Show Hidden Files with the pop-up.
  11. Navigate to the wp-admin folder.
  12. Right Click the .htaccess file and click Code Edit and click Edit on a popup.
  13. Now, you have to add following code at the bottom of the file wp-admin/.htaccess

    ErrorDocument 401 "Denied"
    ErrorDocument 403 "Denied"
    
    AuthType Basic
    AuthName "Protected"
    AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
    require valid-user
  14. Now click on Save Changes button at the top.

This code allows WordPress to recognize this additional password protection.

This will password protect your complete wp-admin directory. Still one can easily get access using the wp-login.php file, so to password protect it add following code to the root .htaccess file.

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Protected"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user
</FilesMatch>

If your theme or plugin uses an admin-ajax.php file to work then add following code to a .htaccess file in the wp-admin directory.

# Allow plugin/theme access to admin-ajax.php
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

You are all set now with providing an additional layer of security to your blog. Now, when someone tries to login or accessing the dashboard of your WordPress site/blog, he/she will get authentication required error.

Is this tutorial helpful for you? Let me know if you faced any issues in the comments sections below.

ALSO READ

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

Comment Policy: Your words are your own, so be nice and helpful if you can. Please, only use your real name and limit the amount of links submitted in your comment. We accept clean XHTML in comments, but don't overdo it please.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

GET STARTED

Start WordPress Blog: Ultimate Guide For Beginners

Here is our step by step guide for beginners to start a WordPress blog.

Top 6 Best WordPress Theme Frameworks

There are many websites themes which are created by using a framework. Likewise, WordPress Theme frameworks also becoming so popular. The framework allows you...

The Most Essential WordPress Plugins

Here, I have listed some excellent plugins which will surely add more features and new functionality to your WordPress blog.

Tips to Speed Up WordPress Performance

Here, I am sharing some tips to speed up WordPress performance. All you need to modify .htaccess file on your server and add some plugins.

The Ultimate Guide to Harden WordPress Security

Learn how to improve WordPress security. Here are some basic security concepts that will help you to harden WordPress security.

How to Setup CloudFlare Free SSL for WordPress Blog

Google has announced that they will count HTTPS as a ranking factor which means if you using HTTPS you will get a higher position...

DEALS

Genesis Framework

The Genesis Framework empowers you to quickly and easily build incredible websites with WordPress.

POPULAR NOW

Get almost 100% PageSpeed on Newspaper theme

The newspaper theme is the most popular premium theme for a self-hosted WordPress blog. The theme is developed by team tagDiv. You...

How to Remove jQuery Migrate in WordPress?

jQuery Migrate greatly simplifies the process of moving older jQuery code to a higher jQuery version by identifying deprecated features. It then restores deprecated...

How To Reduce Admin-Ajax Server Load In WordPress

To increase better user experience, we always end up by increasing site speed. After clicking a website link seems like a simple thing. But...

Best Guide on Removing v=XXXX string from WordPress URLs

You might have noticed strange v=xxxx string in your WordPress URL. This string is comprised of an apparently arbitrary letter and numbers added as a parameter...

Tips to Speed Up WordPress Performance

Here, I am sharing some tips to speed up WordPress performance. All you need to modify .htaccess file on your server and add some plugins.

How to Display Featured Image Before or After Entry Title in Genesis

Learn how to add featured image to a single post or a page in Genesis child themes. You can set it to display featured...