How to Password Protect WordPress Admin Folder using htaccess file

05/01/2020 Amar Patel WordPress Security 0

How to Password Protect WordPress Admin Folder using htaccess file

Do you want to Password Protect WordPress admin folder to secure your website? keep reading this post because in this post I will guide you in-depth How to Password protect WordPress admin folder. As WordPress is more popular CMS, therefore, it is the main target for a hacker. As per Sucuri WordPress accounted for 90 per cent of all hacked CMS sites in 2018. WordPress is very secure by default itself most of the security breach occurs due to the use of theme and plugin from unauthorized sources.

 On WordPress Platform website security hardening means securing a website by reducing its surface of vulnerability. More use of theme and plugin, Showing directory or WordPress version provides a potential entry point to the hacker.

How to Password Protect WordPress Admin Folder using htaccess file
Image Credit: Sucuri.com

Why Password Protect WordPress Admin Folder?

How to Password Protect WordPress Admin Folder using htaccess file

When we Install WordPress, We download a group of files known as WordPress core files that become admin interface of our website. WordPress core files make up the appearance and functionality of the WordPress platform, and content files are added by the user in the form of themes, plugins, and images. wp-config file has big importance became tells WordPress where to find your site’s database.

.htaccess is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn ‘loaded via the Apache Web Server’.

If your website hosted on Nginx server you will not have .htaccess file. In Nginx, you will use the try_files directive to accomplish the same thing.By default, the configuration file is named nginx.conf and placed in the directory /usr/local/nginx/conf , /etc/nginx or /usr/local/etc/nginx

These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. These facilities include basic redirect functionality and more advanced functions such as content password protection or image hotlink prevention etc. In this post, I will explain How to Password Protect WordPress Admin Folder using htaccess file. 

How to Password Protect WordPress Admin Folder using .htaccess file-:

First, create a block notepad file and name it .htpasswds file. Noe head over to HTPasswd Generator tool enter desire user name and password and generate HTpaswd. Copy the output and paste it into .htpasswds file. Upload this file outside of your /public_html/directory. If you are using cPanel then ideal path would be home/user/.htpasswds/public_html/wp-admin/passwd/. Now create a .htaccess file and upload it inside of /wp-admin/directory. To create a fresh . htaccess file read my complete guide How to create .htaccess file Manually in WordPress. 

AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

Add the above code in your .htaccess file before # END WordPress or after # BEGIN WordPress the whole code will look like as shown. You must update your username in there. Also, don’t forget to update the AuthUserFile location path.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
AuthName "Admins Only" 
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd 
AuthGroupFile /dev/null 
AuthType basic 
require user putyourusernamehere 
<Files admin-ajax.php> 
Order allow,deny
 Allow from all 
Satisfy any </Files>
# END WordPres

Conclusion-: Password protection WordPress admin folder will add an extra layer of security to your WordPress website. Never forget that more than 35% of internet website is powered by WordPress therefore WordPress website is the main target for hackers.

if you feel difficult yo modify .htaccess file you can use WordPress security plugin like Wordfence which offers lots of functionality to secure your WordPress website. As per my point of view if you handle your website security with your own you will have a better understanding of WordPress security.

If you like my work, Please Share on Social Media! You can Follow WP knol on FacebookTwitterPinterest and YouTube for latest updates. You may Subscribe to WP Knol Newsletter to get latest updates via Email. You May also Continue Reading my Recent Posts Which Might Interest You.

About Amar Patel 263 Articles
Hi, I am Amar Patel from India. Founder, Author and Administrator of wpknol.com. I am a Simple Average Man who Loves life and Love living life.Professionally I am a Mechanical Engineer. Apart from my Job, I Love to write the things around WordPress WordPress CMS.