How To Password Protect Your WordPress Admin Directory (WP-Admin)
As you read the title, you are probably wondering: isn't the
wp-admin directory already password protected? You are required to log in, right?
That is true, but popular sites often add an extra layer of authentication
for additional security.
In this article, we will show you a step by step
guide on how to password protect your WordPress admin (wp-admin) directory.
Why A Second Username And Password?
For me, personally, I have a WordPress security plugin that
notifies me, by email, every time some jerk tries to log in to my WordPress
wp-admin. The most frequently entered username guesses these hackers try
include:
--- admin. Most common guess. Lesson here: when you install
WordPress, DO NOT USE the default admin for a username, and choose a
strong password.
--- wp-admin.
--- no_matches.
I was shocked to learn that hackers try to access my
wp-admin page between 6-15 times a day! I guarantee all WordPress sites
experience the same thing. I got tired of getting these emails from my
WordPress security plugin so I decided to add an extra username and password so
the idiots can’t even get to the default wp-admin username and password form in
the first place.
The WordPress wp-admin Folder Already Has A Username And Password
By adding a second layer of authentication security, it would
take one seriously skilled hacker to be able to get in.
Password Protect WP-ADMIN With Your Hosting Control Panel
This is probably the easiest way as you don’t have to mess
with .htaccess and .htpasswd files. Here I will provide examples for Hostgator hosting.
To keep things easy and simple, we will only cover cPanel web hosting companies here just because cPanel has an easy enough interface to add password protected directories.
When you click on that, a lightbox popup will show up asking
for directory location. Just click on web root. Once you are there, navigate to
the folder where your WordPress is hosted. Then click on the /wp-admin/ folder.
You will see a screen like this.
Simply check the box to password protect the directory. Then
create a user for the directory. That is it. Now when you try to access your
wp-admin directory, you should see an authentication required box like this.
Manual Method
First create a .htpasswds file. You can do so easily by
using This Generator. Upload this file
outside your /public_html/ directory. A good path would be:
home/user/.htpasswds/public_html/wp-admin/passwd/
Then, create a .htaccess file and upload it to the /wp-admin/
directory. Then add the following code to it.
AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
You must update your username in there. Also don’t forget to
update the AuthUserFile location path.
I Have A 404 Error Or A Too Many Redirects Error
Well this can happen depending on how your server is
configured. To fix this issue, open your main WordPress .htaccess file and add
the following code there before the WordPress rules start.
ErrorDocument 401 default
Well there you have it. Now you have double authentication
for your WordPress admin area. This is a good alternative to Limiting wp-admin Access By IP Address.
Update: Here Is How To Fix The Admin Ajax Issue
If you password protect your WordPress admin directory, then
it will break the Ajax functionality in the front-end (if it is being used).
In our case, we don't have any plugins that are using Ajax in the front-end.
But if you do, then here is how you fix that issue.
Open the .htaccess file located in your /wp-admin/ folder
(This is NOT the main .htaccess file that we edited above).
In the wp-admin .htaccess file, paste the following code:
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
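To check the result of the manual method and the Ajax fix before relying on them, here is a small audit script, added as an example and not part of the original article. The function names, the sample text and the DOCROOT value are assumptions; the paths are the article's placeholders.

```python
import posixpath
import re

def parse(text):
    """Split .htaccess text into top-level directives and <Files> sections."""
    top, files, cur = {}, {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        opened = re.match(r'<Files\s+"?([^">\s]+)"?\s*>$', line, re.I)
        if opened:
            cur = files.setdefault(opened.group(1), {})
        elif line.lower().startswith("</files"):
            cur = None
        elif not line.startswith("#"):
            name, _, args = line.replace("\t", " ").partition(" ")
            (top if cur is None else cur)[name.lower()] = args.strip()
    return top, files

def inside(path, root):
    """True if path is root or below it (component-wise, not a substring test)."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit(text, docroot, frontend_ajax=False):
    """Return a list of findings for a wp-admin .htaccess; empty means it passes."""
    top, files = parse(text)
    findings = [f"{d} missing" for d in ("AuthType", "AuthName", "AuthUserFile", "Require")
                if d.lower() not in top]
    # The password file must live outside the web root so it cannot be downloaded.
    userfile = top.get("authuserfile", "").strip('"')
    if userfile and inside(userfile, docroot):
        findings.append("AuthUserFile is inside the web root")
    # Front-end Ajax needs admin-ajax.php exempted from the password prompt.
    ajax = files.get("admin-ajax.php", {})
    if frontend_ajax and (ajax.get("satisfy", "").lower() != "any"
                          or ajax.get("allow", "").lower() != "from all"):
        findings.append("admin-ajax.php not exempted; front-end Ajax will break")
    return findings

# Constructed sample: the article's directives with its placeholder paths.
SAMPLE = """\
AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
"""
DOCROOT = "/home/yourdirectory/public_html"  # assumed web root for the sample

if __name__ == "__main__":
    print(audit(SAMPLE, DOCROOT, frontend_ajax=True))
```

The article's suggested password-file path contains "public_html" as a folder name but sits under .htpasswds, so it passes; a file placed under the real web root is flagged.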
If you follow this article and still get any errors, please notify me in the comments; I will try to solve those errors elegantly.