Jump to content

Password Protect Your WordPress Admin (wp-admin) Directory


c0d1ng

Recommended Posts

  • Verified Account

wp_admin.jpg.f19fe3b44930234b33ad9f656449e49a.jpg

As you read the title, you are probably wondering isn’t the wp-admin directory already password protected. You are required to login right. Well that is true, but to add an additional layer of security popular sites often add an extra layer of authentication. Few days ago, we started seeing some suspicious activity on WPBeginner, so our host HostGator advised us to password protect our WordPress admin directory. Apparently popular sites like Mashable do the same. In this article, we will show you a step by step guide on how to password protect your WordPress admin (wp-admin) directory.

To keep things easy and simple, we will only cover cPanel web hosting companies here just because cPanel has an easy enough interface to add password protected directories. 

Login to your cPanel. Scroll down till you see the Security Tab. Click on the “Password Protect Directories” icon.

passwordprotectdirectories.jpg.0b4680631d7e4230dca0bd5434867949.jpg

When you click on that, a lightbox popup will show up asking for directory location. Just click on web root. Once you are there, navigate to the folder where your WordPress is hosted. Then click on the /wp-admin/ folder. You will see a screen like this:

securitysettingsforafolder-e1371840680572.jpg.8c39b0a56bf5af16f57b227f73648b60.jpg

securitysettingsforafolder-e1371840680572-2.jpg.f4e4f79ecc279ff4e57c757ed8e51ef2.jpg

Simply check the box to password protect the directory. Then create a user for the directory. That is it. Now when you try to access your wp-admin directory, you should see an authentication required box like this:

authenticationrequired.jpg.719d88e8fd0ef0b9f27836c2a0e17fee.jpg

Manual Method

First create a .htpasswds file. You can do so easily by using this generator. Upload this file outside your /public_html/ directory. A good path would be:

home/user/.htpasswds/public_html/wp-admin/passwd/

Then, create a .htaccess file and upload it in /wp-admin/ directory. Then add the following codes in there:

AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere

You must update your username in there. Also don’t forget to update the AuthUserFile location path.

I have a 404 Error or a Too many redirects error

Well this can happen depending on how your server is configured. To fix this issue, open your main WordPress .htaccess file and add the following code there before the WordPress rules start.

ErrorDocument 401 default

Well there you have it. Now you have double authentication for your WordPress admin area. This is a good alternative to limiting wp-admin access by IP address.

Here is how to fix the Admin Ajax Issue

If you password protect your WordPress Admin directory, then it will break the Ajax functionality in the front-end (if it is being used). In our case, we don’t have any plugins that is using ajax in the front-end. But if you do, then here is how you fix that issue.

Open the .htaccess file located in your /wp-admin/ folder (This is NOT the main .htaccess file that we edited above).

In the wp-admin .htaccess file, paste the following code:

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any 
</Files>

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Similar Content

    • By c0d1ng
      View File Martfury - Best WooCommerce Marketplace WordPress Theme
      Martfury is a modern and flexible WooCommerce Marketplace WordPress theme. This theme is suited for multi vendor marketplace, electronics store, furnitures store, clothings store, hitech store and accessories store… With the theme, you can create your own marketplace and allow vendors to sell just like Amazon, Envato, eBay.
       
      Submitter Sam Submitted 09/06/2021 Category Files  
    • By c0d1ng
      Martfury is a modern and flexible WooCommerce Marketplace WordPress theme. This theme is suited for multi vendor marketplace, electronics store, furnitures store, clothings store, hitech store and accessories store… With the theme, you can create your own marketplace and allow vendors to sell just like Amazon, Envato, eBay.
       
    • By pasmantap
      View File Elementor Pro | Brings New Designs Experiences to Your WordPress
      * Tweak: Added "Justified" option in Typography text alignment in Column & Section elements ([#11480](https://github.com/elementor/elementor/issues/11480))
      * Tweak: Enlarged cards view in the Kit Library for better visibility
      * Tweak: Changed Kit Library tab title
      * Fix: Landing pages experiment causes 404 errors with attachment pages ([#15943](https://github.com/elementor/elementor/issues/15943))
      * Fix: Can't upload SVG files using Elementor ([#16084](https://github.com/elementor/elementor/issues/16084), [#16119](https://github.com/elementor/elementor/issues/16119), [#16088](https://github.com/elementor/elementor/issues/16088))
      * Fix: `wp_kses_post` strips `srcset` attribute from images ([#16111](https://github.com/elementor/elementor/issues/16111))
      * Fix: Inline CSS is parsed to an invalid characters ([#16140](https://github.com/elementor/elementor/issues/16140))
      * Fix: Animated elements disappear before entering the viewport ([#2806](https://github.com/elementor/elementor/issues/2806))
      * Fix: Autoplay not working for Vimeo videos in Lightbox ([#16068](https://github.com/elementor/elementor/issues/16068))
      * Fix: HTML captions are stripped in Image carousel widget ([#16073](https://github.com/elementor/elementor/issues/16073))
      * Fix: Carousels are not working properly in the Editor when Additional Custom Breakpoints experiment is active
      * Fix: Responsive values are not being reflected in Slider controls
      * Fix: Elementor Top Admin Bar loads in WordPress dashboard when the experiment is active
      * Fix: Prevent Admin Top Bar to conflict with WordPress customizer
      * Fix: Can't change alignment of icons when Font Awesome Inline experiment is active in Icon List widget
      * Fix: Import deeplink redirect loses target screen parameters when user needs to log in
      * Deprecated: Removed all usages of `Elementor\Utils::get_create_new_post_url()`
      Submitter pasmantap Submitted 09/01/2021 Category Files  
    • By pasmantap
      * Tweak: Added "Justified" option in Typography text alignment in Column & Section elements ([#11480](https://github.com/elementor/elementor/issues/11480))
      * Tweak: Enlarged cards view in the Kit Library for better visibility
      * Tweak: Changed Kit Library tab title
      * Fix: Landing pages experiment causes 404 errors with attachment pages ([#15943](https://github.com/elementor/elementor/issues/15943))
      * Fix: Can't upload SVG files using Elementor ([#16084](https://github.com/elementor/elementor/issues/16084), [#16119](https://github.com/elementor/elementor/issues/16119), [#16088](https://github.com/elementor/elementor/issues/16088))
      * Fix: `wp_kses_post` strips `srcset` attribute from images ([#16111](https://github.com/elementor/elementor/issues/16111))
      * Fix: Inline CSS is parsed to an invalid characters ([#16140](https://github.com/elementor/elementor/issues/16140))
      * Fix: Animated elements disappear before entering the viewport ([#2806](https://github.com/elementor/elementor/issues/2806))
      * Fix: Autoplay not working for Vimeo videos in Lightbox ([#16068](https://github.com/elementor/elementor/issues/16068))
      * Fix: HTML captions are stripped in Image carousel widget ([#16073](https://github.com/elementor/elementor/issues/16073))
      * Fix: Carousels are not working properly in the Editor when Additional Custom Breakpoints experiment is active
      * Fix: Responsive values are not being reflected in Slider controls
      * Fix: Elementor Top Admin Bar loads in WordPress dashboard when the experiment is active
      * Fix: Prevent Admin Top Bar to conflict with WordPress customizer
      * Fix: Can't change alignment of icons when Font Awesome Inline experiment is active in Icon List widget
      * Fix: Import deeplink redirect loses target screen parameters when user needs to log in
      * Deprecated: Removed all usages of `Elementor\Utils::get_create_new_post_url()`
    • By peter_hutomo
      Download Free WPShapere - Wordpress Admin Theme Nulled CodeCanyon 8183353
      WPShapere – WordPress Admin Theme let you customize the entire look of default WordPress admin theme as you wish. It allows you to hand over WordPress to your customers in a custom way as you think.
      WPShapere WordPress Admin Theme is a WordPress plugin and a powerful tool to customize your WordPress admin. It will totally white label the WordPress admin section. With WPShapere you have the ability to offer your customers a complete new admin dashboard with your brand name.
      WPShapere has Simple to use user interface to manage the colors and elements of the wordpress admin theme.

      Key Features
      Unlimited color options + 16 pre-made Pro themes. New: Flat/Default design. White Label Branding. Upload custom logo for login and dashboard pages. Hide, rename and sort admin menu items. New: Privilege Users who can access to all menu items. New: RTL Compatibility. Custom Icons for admin menu items: Dashicons and FontAwesome icons Custom login Theme. Manage and Create custom dashboard widgets. Hide unwanted widgets from dashboard. Manage Admin Bar elements. Ability to add custom links to the admin bar. Disable automatic background updates. White Label Emails. Multi-site Network Support – Global option/Individual blog option. Export and Import of settings feature. Powerful and simple to use Options panel. Add custom css styles for login and admin pages. Tested for Compatibility with popular plugins: Contact form 7, Visual Composer, WP Super cache, WP Total cache, woocommerce, etc. Detailed documentation.
×
×
  • Create New...