How to Password Protect WordPress Admin Folder using htaccess file

How to Password Protect WordPress Admin Folder using htaccess file

How to Password Protect WordPress Admin Folder using htaccess file

How to Password Protect WordPress Admin Folder using htaccess file-: As WordPress is more popular CMS, therefore, it is the main target for a hacker. As per Sucuri WordPress accounted for 90 per cent of all hacked CMS sites in 2018. WordPress is very secure by default itself most of the security breach occurs due to the use of theme and plugin from unauthorized sources.

 on WordPress Platform website security hardening means securing a website by reducing its surface of vulnerability. More use of theme and plugin, Showing directory or WordPress version provides a potential entry point to the hacker.

How to Password Protect WordPress Admin Folder using htaccess file
Image Credit: Sucuri.com

When we Install WordPress, We download a group of files known as WordPress core files that become admin interface of our website. WordPress core files make up the appearance and functionality of the WordPress platform, and content files are added by the user in the form of themes, plugins, and images. wp-config file has big importance became tells WordPress where to find your site’s database.

.htaccess is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn ‘loaded via the Apache Web Server’.

If your website hosted on Nginx server you will not have .htaccess file. In Nginx, you will use the try_files directive to accomplish the same thing.By default, the configuration file is named nginx.conf and placed in the directory /usr/local/nginx/conf , /etc/nginx or /usr/local/etc/nginx

These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. These facilities include basic redirect functionality and more advanced functions such as content password protection or image hotlink prevention etc. In this post, I will explain How to Password Protect WordPress Admin Folder using htaccess file. 

How to Password Protect WordPress Admin Folder using .htaccess file-:

First, create a block notepad file and name it .htpasswds file. Noe head over to HTPasswd Generator tool enter desire user name and password and generate HTpaswd. Copy the output and paste it into .htpasswds file. Upload this file outside of your /public_html/directory. If you are using cPanel then ideal path would be home/user/.htpasswds/public_html/wp-admin/passwd/. Now create a .htaccess file and upload it inside of /wp-admin/directory. To create a fresh .htaccess file read my complete guide How to create .htaccess file Manually in WordPress. 

AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

Add the the above code in your .htaccess file before # END WordPress or after # BEGIN WordPress the whole code will look like as shown.You must update your username in there. Also don’t forget to update the AuthUserFile location path.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
AuthName "Admins Only" 
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd 
AuthGroupFile /dev/null 
AuthType basic 
require user putyourusernamehere 
<Files admin-ajax.php> 
Order allow,deny
 Allow from all 
Satisfy any </Files>
# END WordPres

Conclusion-: Password protection WordPress admin folder will add an extra layer of security to your WordPress website. Never forget that more than 35% of internet website is powered by WordPress therefore WordPress website are the main target for hackers.

if you feel difficult yo modify .htaccess file you can use WordPress security plugin like Wordfence which offers lots of functionality to secure your WordPress website. As per my point of view if you handle your website security with your own you will have a better understanding of WordPress security.

Thanks for reading…“Pardon my grammar, English is not my native tongue.”

If you like my work, Please Share on Social Media! You can Follow WP knol on Facebook, Twitter, Pinterest and YouTube for latest updates. You may Subscribe to WP Knol Newsletter to get latest updates via Email. You May also Continue Reading my Recent Posts Which Might Interest You.

Share the Knowledge!
  • 48
  • 7
  •  
  •  
  •  
  •  
  •  
  •  
    55
    Shares
Amar Patel on FacebookAmar Patel on PinterestAmar Patel on TwitterAmar Patel on Wordpress
Amar Patel
Hi, I am Amar Patel from India. Founder, Author and Administrator of wpknol.com. I am a Simple Average Man who Loves life and Love living life.Professionally I am a Mechanical Engineer. Apart from my Job, I Love to write the things around WordPress WordPress CMS.
Enter your email address: Delivered by FeedBurner
Follow us on Social Media