How to Password Protects WordPress Admin Directory

Join InfoPhilic Community!

Let's build a community to help & encourage each other to grow!

WP Admin Directory is an essential directory for every WordPress sites. It has all the necessary files which make WordPress run. Security is a major concern for every blogger. While securing the blog, bloggers do not leave a single way through which they can provide security their best.

Securing WordPress also involves protecting WP-admin directory. As a blogger, you must know that once a hacker gains access to your WordPress dashboard, it is game over. So adding an extra layer of security is always best.

In this guide, I will show you how to secure and password protects WordPress Admin directory and wp-login.php from invalid login attempts.

Protecting WordPress Admin directory is an easy way to add additional protection against bots and hackers. To complete this protection, follow the below steps:

  1. Login to cPanel.
  2. Click Directory Privacy under Files.

    Directory Privacy
    Directory Privacy
  3. Go to public_html directory
  4. Click the text of wp-admin.

    password-protect wp-admin
    password-protect wp-admin
  5. Click the checkbox next to Password protect this directory.
  6. Enter a phrase such as Protected in the Name for the protected directory.
  7. Now create a new username and password. This will the same username and password you will have to use when you visit
    Use password generator option to create a strong password.
  8. Click Save button.
  9. Now, go back to the main cPanel page.
  10. Open file manager. Make sure you have selected Show Hidden Files with the pop-up.
  11. Navigate to the wp-admin folder.
  12. Right Click the .htaccess file and click Code Edit and click Edit on a popup.
  13. Now, you have to add following code at the bottom of the file wp-admin/.htaccess

    ErrorDocument 401 "Denied"
    ErrorDocument 403 "Denied"
    AuthType Basic
    AuthName "Protected"
    AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
    require valid-user
  14. Now click on Save Changes button at the top.

This code allows WordPress to recognize this additional password protection.

This will password protect your complete wp-admin directory. Still one can easily get access using the wp-login.php file, so to password protect it add following code to the root .htaccess file.

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Protected"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user

If your theme or plugin uses an admin-ajax.php file to work then add following code to a .htaccess file in the wp-admin directory.

# Allow plugin/theme access to admin-ajax.php
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any

You are all set now with providing an additional layer of security to your blog. Now, when someone tries to login or accessing the dashboard of your WordPress site/blog, he/she will get authentication required error.

Is this tutorial helpful for you? Let me know if you faced any issues in the comments sections below.

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

Comment Policy: Your words are your own, so be nice and helpful if you can. Please, only use your real name and limit the amount of links submitted in your comment. We accept clean XHTML in comments, but don't overdo it please.


Please enter your comment!
Please enter your name here


Start WordPress Blog: Ultimate Guide For Beginners

Here is our step by step guide for beginners to start a WordPress blog.

Top 6 Best WordPress Theme Frameworks

There are many websites themes which are created by using a framework. Likewise, WordPress Theme frameworks also becoming so popular. The framework allows you...

The Most Essential WordPress Plugins

Here, I have listed some excellent plugins which will surely add more features and new functionality to your WordPress blog.

Tips to Speed Up WordPress Performance

Here, I am sharing some tips to speed up WordPress performance. All you need to modify .htaccess file on your server and add some plugins.

The Ultimate Guide to Harden WordPress Security

Learn how to improve WordPress security. Here are some basic security concepts that will help you to harden WordPress security.

How to Setup CloudFlare Free SSL for WordPress Blog

Google has announced that they will count HTTPS as a ranking factor which means if you using HTTPS you will get a higher position...



MonsterInsights is the best Google Analytics plugin for WordPress. Setup Google Analytics for WordPress with just a few clicks.


Get almost 100% PageSpeed on Newspaper theme

The newspaper theme is the most popular premium theme for a self-hosted WordPress blog. The theme is developed by team tagDiv. You...

How to Remove jQuery Migrate in WordPress?

jQuery Migrate greatly simplifies the process of moving older jQuery code to a higher jQuery version by identifying deprecated features. It then restores deprecated...

Tips to Speed Up WordPress Performance

Here, I am sharing some tips to speed up WordPress performance. All you need to modify .htaccess file on your server and add some plugins.

How to Properly Delete a WordPress Post or Page?

You sometimes want to delete a page from your site for many reasons. When you taking a step forward, you are going to remove...

How to Prevent Invalid Activity

Publishers expect that their content should be viewed by legitimate consumers. However, criminal organizations have attacked the digital ad ecosystem with malware and other methods that...

How to create News Sitemap for WordPress site?

Learn how to create special news sitemap for your WordPress blog/ website using Yoast News SEO plugin and Jetpack plugin.