Password Protect WordPress Admin

1. Login to cPanel from the client area and click on Files >> Directory Privacy. You will get a modal popup with various options, we need to select Web Root and then click Go button.

2. Click on the wp-admin directory in the list of files/folders displayed. Check Password protect this directory, enter a name, and click Save button. Click on Go Back link to return to the wp-admin directory privacy options. Enter a Username and click on the Password Generator button to randomly generate a unique and secure password. Click on the Save button below the Password Strength status bar to create your new user.

3. Back to cPanel home. Files >> File Manager. Ensure Show Hidden Files (dotfiles) is checked and go to your Web Root (public_html) folder. If you do not get a prompt when opening File Manager, you can click on the Settings button in the top right corner and save these in your preferences.

4. Click on the wp-admin folder in the left hand directory tree. Right click on the .htaccess file in the wp-admin folder, select the Edit link to open a new window with a basic text editor. Add this text to the top of the .htaccess file, then click on the Save Changes button:

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

5. Click on the public_html folder in the left hand directory tree. Right click on the .htaccess file in the public_html folder, select the Edit link to open a new window with a basic text editor. Add this text to the top of the .htaccess file, then click on the Save Changes button:

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user
</FilesMatch>

You should now have the /public_html/wp-admin/.htaccess file that protects the wp-admin folder. The same protection was copied to your main /public_html/.htaccess file. Now the wp-login.php file is also password protected.

If you are getting a redirect loop error message in your browser, please ensure you have copied the ErrorDocument lines into both of your edited .htaccess files. Also ensure you have allowed requests to wp-admin/admin-ajax.php without password protection, this is completed when following the steps above correctly.

Was this answer helpful?

 Print this Article

Also Read

Reset Joomla Password

Method 1: Edit configuration.php File If you have access to your configuration.php file for the...

Reset WordPress Password

WordPress password resets are one of the most common support requests received by the Cloudslices...

Joomla and the ini_set() Error Message

On all Cloudslices shared hosting servers ini_set() has been disabled for security reasons....

Change WordPress URL

Changing your WordPress URL can be a headache if you have modified your hosting account before...