WordPress powers more than a quarter of all websites, so it’s no surprise that it gets hacked frequently. Automattic, the developers of WordPress, does a good job rolling out updates to keep ahead of hackers and other malicious parties. However, many unsavory individuals love to perform brute force attacks on WordPress sites to take advantage of weak password security. So in this article, I will teach you how to password protect your WordPress admin directory or login page to add an extra layer of security.
You might think that the default WordPress login page is enough to keep away hackers. That’s true, but you don’t want to take any chances. Brute force attacks are getting more and more sophisticated by the day. You can totally stop all brute force attacks by putting up password protection on your WordPress admin or login area.
You don’t need to log in to your Cpanel. All you need are a text editor such as Notepad (I use Araneae, such a simple yet amazing tool) and an FTP client like Filezilla.
Create a .htpasswd File
First, we need to create a .htpasswd file. Open this online .htpasswd generator and generate the code. Remember to use a username and password that you can remember easily, and that cannot be guessed by other people. Don’t use the username and password of your WordPress installation; that’s a different one. Copy the code into your text editor and save it as .htpasswd.
Upload the .htpasswd File to Your Server
Fire up Filezilla or any FTP client and log in to your server. Create a folder outside the root directory (public_html) and upload the .htpasswd file there. Make sure that you use an uncommon name for the folder, such as “quickandeasy143”.
Edit .htaccess
Now download the .htaccess file from the root directory and add the following code:
# To prevent loops ErrorDocument 401 default # Protect wp-login <Files wp-login.php> AuthUserFile /home/zumbsirh/quickandeasy143/.htpasswd AuthName "Private access" AuthType Basic require valid-user </Files> <Files admin-ajax.php> Order allow,deny Allow from all Satisfy any </Files>
Note: change “/home/zumbsirh/quickandeasy143/.htpasswd” to the location of your .htpasswd file. If you don’t know the full server path, please follow these instructions or ask your web host.
Upload the edited .htaccess file to the root directory, replacing the old one (make a backup first, just in case).
Be sure to test it to ensure that it’s working and that you can access the login area after entering your username and password.
That’s it! Just follow those steps to password protect your WordPress website. Don’t forget to use a security plugin like Wordfence and update your plugins regularly to protect your site further.
Discussion about this post