
How to Secure Your WordPress Admin (wp-admin) Directory with a Password

To keep things simple, we’ll only discuss cPanel web hosting companies because cPanel offers a user-friendly interface for creating password-protected directories.

Log into your cPanel account. Scroll to the bottom of the page until you reach the Security Tab. Select the “Password Protect Directories” icon from the drop-down menu.

A lightbox popup will appear when you click that, asking for the directory location. Click on the web root, then navigate to the folder where WordPress is installed. Open the /wp-admin/ folder and check the box to password-protect the directory. Then create a user for the directory. That is all.

Manual Method

First, create a .htpasswds file. You can do so quickly using this generator. Place this file outside of your /public_html/ directory. A good path would be:

home/user/.htpasswds/public_html/wp-admin/passwd/

Then create a .htaccess file and upload it to the /wp-admin/ directory. Paste the following code into it:

AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere

I’m getting a 404 or Too Many Redirects issue

Well, depending on how your server is set up, this could happen. To fix this issue, open your main WordPress .htaccess file and add the following code before the WordPress rules start:

ErrorDocument 401 default

That’s all. Your WordPress admin area now has double authentication. This is a decent alternative to restricting access to wp-admin by IP address.

How to Resolve the Admin Ajax Problem

If you password-protect your WordPress admin directory, the Ajax functionality on the front end will break (if it is being used).

Open the .htaccess file in your /wp-admin/ directory (This is NOT the main .htaccess file that we edited above).

Paste the following code into the wp-admin .htaccess file:

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any 
</Files>
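
The following Python check is an added example, not part of the original post. It parses a wp-admin .htaccess like the ones above and reports whether AuthType and Require are set and whether AuthUserFile resolves to a location inside the web root. The function name and the web root /home/yourdirectory/public_html are assumptions for illustration, and the sample configs are constructed from the page's placeholder values.

```python
import posixpath

def audit_wp_admin_htaccess(text, docroot):
    """Return findings for a wp-admin .htaccess; an empty list means it passed."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):
            # Track <Files ...> sections: their directives apply to one file only.
            in_block = not line.startswith("</")
        elif line and not line.startswith("#") and not in_block:
            parts = line.split(None, 1)
            directives[parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    findings = []
    if directives.get("authtype", "").lower() != "basic":
        findings.append("AuthType Basic is missing")
    if not directives.get("require"):
        findings.append("no Require directive")
    user_file = directives.get("authuserfile", "")
    if not user_file.startswith("/"):
        findings.append("AuthUserFile is missing or not an absolute path")
    else:
        path, root = posixpath.normpath(user_file), posixpath.normpath(docroot)
        if path == root or path.startswith(root + "/"):
            findings.append("AuthUserFile is inside the web root: " + path)
    return findings

# Constructed sample: the page's directives plus its admin-ajax.php exemption.
PAGE_CONFIG = """\
AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>
"""
# Constructed counter-example: the password file sits under the web root.
BAD_CONFIG = PAGE_CONFIG.replace("/.htpasswds/public_html", "/public_html")

if __name__ == "__main__":
    docroot = "/home/yourdirectory/public_html"  # assumed web root
    print(audit_wp_admin_htaccess(PAGE_CONFIG, docroot))
    print(audit_wp_admin_htaccess(BAD_CONFIG, docroot))
```

The path is normalized before the comparison, so an AuthUserFile that reaches the web root through a `..` segment is reported as well.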

If you want to know how to secure your website more, please check this link.
