Password Protect WordPress Admin

1. Log in to cPanel from the client area and click on Files >> Directory Privacy. A modal popup appears with various options; select Web Root and then click the Go button.

2. Click on the wp-admin directory in the list of files/folders displayed. Check Password protect this directory, enter a name, and click the Save button. Click on the Go Back link to return to the wp-admin directory privacy options. Enter a Username and click on the Password Generator button to randomly generate a unique and secure password. Click on the Save button below the Password Strength status bar to create your new user.

3. Go back to the cPanel home page and open Files >> File Manager. Ensure Show Hidden Files (dotfiles) is checked and go to your Web Root (public_html) folder. If you do not get a prompt when opening File Manager, you can click on the Settings button in the top right corner and save these options in your preferences.

4. Click on the wp-admin folder in the left-hand directory tree. Right-click on the .htaccess file in the wp-admin folder and select the Edit link to open a new window with a basic text editor. Add this text to the top of the .htaccess file, then click on the Save Changes button:

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

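# Allow plugin access to admin-ajax.php around password protection
# (Order/Allow/Satisfy are Apache 2.2-style directives; Apache 2.4 needs mod_access_compat for them)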
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

5. Click on the public_html folder in the left-hand directory tree. Right-click on the .htaccess file in the public_html folder and select the Edit link to open a new window with a basic text editor. Add this text to the top of the .htaccess file, then click on the Save Changes button:

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

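# Require the same Basic auth login for wp-login.php.
# Use the AuthUserFile path that cPanel wrote to wp-admin/.htaccess in step 2.
<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user
</FilesMatch>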

You should now have the /public_html/wp-admin/.htaccess file that protects the wp-admin folder. The same protection has been copied to your main /public_html/.htaccess file, so the wp-login.php file is now also password protected.

If you are getting a redirect loop error message in your browser, please ensure you have copied the ErrorDocument lines into both of your edited .htaccess files. Also ensure you have allowed requests to wp-admin/admin-ajax.php without password protection; this is done when the steps above are followed correctly.
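The checks from the troubleshooting paragraph above can be run against the text of both edited files. This is an added example, not part of the original article or of cPanel or WordPress; the function names are illustrative and the sample file content is constructed.

```python
import re
# Added example: function names are illustrative, not part of cPanel or WordPress.
def parse_htaccess(text):
    """Split .htaccess text into top-level and per-section directives."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            current = None
        elif line.startswith("<"):
            # '<FilesMatch "wp-login.php">' becomes 'filesmatch wp-login.php'
            current = line.strip("<>").replace('"', "").lower()
            sections[current] = []
        else:
            target = top if current is None else sections[current]
            target.append(" ".join(line.lower().split()))
    return top, sections

def missing_errordocs(top):
    found = {m.group(1) for d in top if (m := re.match(r"errordocument (\d{3})\b", d))}
    return sorted({"401", "403"} - found)

def audit_wp_admin(text):
    """Check wp-admin/.htaccess against step 4."""
    top, sections = parse_htaccess(text)
    problems = [f"ErrorDocument {c} missing" for c in missing_errordocs(top)]
    ajax = sections.get("files admin-ajax.php")
    if ajax is None:
        problems.append("no <Files admin-ajax.php> exemption")
    elif not {"allow from all", "satisfy any"} <= set(ajax):
        problems.append("admin-ajax.php exemption is incomplete")
    return problems

def audit_web_root(text):
    """Check public_html/.htaccess against step 5."""
    top, sections = parse_htaccess(text)
    problems = [f"ErrorDocument {c} missing" for c in missing_errordocs(top)]
    login = sections.get("filesmatch wp-login.php", [])
    for needed in ("authtype basic", "authuserfile ", "require valid-user"):
        if not any(d.startswith(needed) for d in login):
            problems.append(f"wp-login.php block lacks {needed.strip()}")
    return problems

# Constructed sample: web-root file where the ErrorDocument lines were not copied.
SAMPLE_ROOT = '''<FilesMatch "wp-login.php">
AuthType Basic
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user
</FilesMatch>'''
print(audit_web_root(SAMPLE_ROOT))
```

An empty list from either function means the file contains everything the corresponding step adds; paste the real file contents in place of the sample to check your own site.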
