How to Password Protect the WordPress Admin Directory


The wp-admin directory is essential to every WordPress site. It contains all the files WordPress needs to run. Security is a major concern for every blogger, and when securing a blog it is worth using every protection available.

Securing WordPress also involves protecting the wp-admin directory. As a blogger, you must know that once a hacker gains access to your WordPress dashboard, it is game over. So adding an extra layer of security is always best.

In this guide, I will show you how to secure and password-protect the WordPress admin directory and wp-login.php against invalid login attempts.

Protecting the WordPress admin directory is an easy way to add protection against bots and hackers. To set it up, follow the steps below:

  1. Log in to cPanel.
  2. Click Directory Privacy under Files.

  3. Go to the public_html directory.
  4. Click the text of wp-admin.

  5. Click the checkbox next to Password protect this directory.
  6. Enter a phrase such as Protected in the Name for the protected directory.
  7. Now create a new username and password. This will be the same username and password you will have to use when you visit yourdomain.com/wp-admin/.
    Use the password generator option to create a strong password.
  8. Click the Save button.
  9. Now, go back to the main cPanel page.
  10. Open File Manager. Make sure you have selected Show Hidden Files in the pop-up.
  11. Navigate to the wp-admin folder.
  12. Right-click the .htaccess file, click Code Edit, and then click Edit in the pop-up.
  13. Now add the following code at the bottom of the file wp-admin/.htaccess:

    ErrorDocument 401 "Denied"
    ErrorDocument 403 "Denied"
    
    AuthType Basic
    AuthName "Protected"
    AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
    require valid-user
  14. Now click the Save Changes button at the top.

This code allows WordPress to recognize this additional password protection.

This password-protects your entire wp-admin directory. However, the login form can still be reached through the wp-login.php file, so to password-protect it as well, add the following code to the root .htaccess file.

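    ErrorDocument 401 "Denied"
    ErrorDocument 403 "Denied"

    # FilesMatch takes a regular expression: anchor it and escape the dot
    # so that only wp-login.php is matched.
    <FilesMatch "^wp-login\.php$">
    AuthType Basic
    AuthName "Protected"
    AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
    require valid-user
    </FilesMatch>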

If your theme or a plugin needs the admin-ajax.php file to work, add the following code to the .htaccess file in the wp-admin directory.

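    # Allow plugin/theme access to admin-ajax.php
    # Order, Allow and Satisfy are Apache 2.2 directives; on Apache 2.4 they
    # are provided by mod_access_compat, which must be loaded.
    <Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
    </Files>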

You are all set: your blog now has an additional layer of security. When someone tries to log in to or access the dashboard of your WordPress site/blog, they will get an authentication required error.
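
A small audit of the two .htaccess files described above, as an added example that is not part of the original tutorial: it checks that wp-admin and wp-login.php both require the Basic-auth login, that the password file sits outside the web root, and that only admin-ajax.php is exempted. The function names, the sample file contents and the DOCROOT value are assumptions made for the illustration.

```python
import re

# Constructed samples mirroring the page's snippets. /home/example is the page's
# placeholder account; DOCROOT is an assumed cPanel web root for that account.
DOCROOT = "/home/example/public_html"
AUTH = '''AuthType Basic
AuthName "Protected"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user
'''
WP_ADMIN = AUTH + "<Files admin-ajax.php>\nOrder allow,deny\nAllow from all\nSatisfy any\n</Files>\n"
ROOT = '<FilesMatch "wp-login.php">\n' + AUTH + "</FilesMatch>\n"

def scopes(text):
    """Map each scope ('' = whole directory, else the <Files*> argument) to its directives."""
    out, cur = {"": []}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Files(?:Match)?\s+"?([^">]+)"?\s*>$', line, re.I)
        if opened:
            cur = opened.group(1)
            out.setdefault(cur, [])
        elif re.match(r"</Files(?:Match)?>$", line, re.I):
            cur = ""
        else:
            out[cur].append(line.replace('"', "").lower())  # normalise for comparison
    return out

def requires_login(ds):
    """True when a scope carries the Basic-auth directives the guide adds."""
    return ({"authtype basic", "require valid-user"} <= set(ds)
            and any(d.startswith("authuserfile ") for d in ds))

def audit(wp_admin, root, docroot=DOCROOT):
    """Return a list of findings; an empty list means the layout matches the guide."""
    admin, top, findings = scopes(wp_admin), scopes(root), []
    if not requires_login(admin[""]):
        findings.append("wp-admin is not behind Basic auth")
    for d in admin[""]:
        if d.startswith("authuserfile ") and d.split(None, 1)[1].startswith(docroot.lower() + "/"):
            findings.append("password file is inside the web root")
    if not any("wp-login" in name and requires_login(ds) for name, ds in top.items()):
        findings.append("wp-login.php is not behind Basic auth")
    for name, ds in admin.items():
        if "satisfy any" in ds and name != "admin-ajax.php":
            findings.append(f"auth bypass is wider than admin-ajax.php: {name or 'whole directory'}")
    return findings
```

To check a real site, pass the text of your own wp-admin/.htaccess and root .htaccess to `audit()` and set `docroot` to your account's public_html path.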

Was this tutorial helpful for you? Let me know in the comments section below if you faced any issues.