You are currently viewing How to Secure Your WordPress Admin (wp-admin) Directory with a Password

How to Secure Your WordPress Admin (wp-admin) Directory with a Password

To keep things simple, we’ll only discuss cPanel web hosting companies because cPanel offers a user-friendly interface for creating password-protected directories.

Log into your cPanel account. Scroll to the bottom of the page until you reach the Security Tab. Select the “Password Protect Directories” icon from the drop-down menu.

A lightbox popup will appear when you click that, asking for the directory location. Simply click on the web root. Navigate to the folder where your WordPress is housed once you’ve arrived. Then go to the /wp-admin/ folder and click on it. To password-protect the directory, simply check the box. Then, for the directory, create a user. That is all.

Manual Method

Make a .htpasswds file first. Using this generator, you may do so quickly. This file should be placed outside of your /public html/ directory. The following is an ideal path to follow:

home/user/.htpasswds/public html/wp-admin/passwd/

Then, under the /wp-admin/ directory, create a .htaccess file and upload it. Then paste in the following codes:

AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere

I’m getting a 404 or Too Many Redirects issue

Well, depending on how your server is set up, this could happen. To fix this issue, open your main WordPress .htaccess file and add the following code before the WordPress rules start:

ErrorDocument 401 default

That’s all. Your WordPress admin area now has double authentication. This is a decent alternative to restricting access to wp-admin by IP address.

How to Resolve the Admin Ajax Problem

The Ajax feature in the front-end will be broken if you password lock your WordPress Admin directory (if it is being used).

Open the .htaccess file in your /wp-admin/ directory (This is NOT the main .htaccess file that we edited above).

Paste the following code into the wp-admin .htaccess file:

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any 

If you want to know how to secure your website more, please check this link.

This Post Has One Comment

Leave a Reply