How to Password Protect Your WordPress Login (wp-login.php) Page

Do you want to password protect your WordPress login (WP-login.PHP) page? Well, it’s a smart move to protect your WordPress site from brute-force attacks.

Why? Because brute force attack is a hacking method where automated software is used to generate a large number of passwords to gain unauthorized access to your website. Now, if you are using a very week password, then it will be very easy for them to guess your password.

By password protecting your WordPress admin or login page, you are adding an extra layer of security to your WordPress login page. Because, it requires a password to access your WordPress login page, which is impossible by just guessing passwords. 

In this tutorial, I will show you how to password protect your WordPress login page.

How to Password Protect WordPress Login Page

To protect your WordPress admin or login page, you need to login to your hosting cPanel. If you are using cPanel hosting, then it will be very easy for you.

Login to your hosting cPanel account and go to the root directory where your WordPress site is hosted.

There, you need to create a .htpasswd file which will contain your username and encrypted password. You can easily create an encrypted password using this tool.

Htpasswd Generator

After clicking on Create .htpasswd file, it will create an encrypted password for the htpasswd file.

htpasswd created password

Now create a .htpasswd file inside your wp-admin folder and copy the data that you have generated. After this, save the file.

In this step, create a new .htaccess file inside your wp-admin folder and copy the following code.

ErrorDocument 401 "Unauthorized"
ErrorDocument 403 "Forbidden"

Now go to the root directory of your WordPress site and edit the .htacces file. This is the primary .htaccess file of your site. If there is no .htaccess file, you can easily create it. Then click on edit and enter the following code inside your .htaccess file.

ErrorDocument 401 "Unauthorized"
ErrorDocument 403 "Forbidden"
<filesmatch "wp-login.php">
AuthType Basic
AuthName "WordPress Admin"
AuthUserFile "/home/directory/public_html/domain.com/wp-admin/.htpasswd"
require valid-user
</filesmatch>

Note: Here the “AuthUserFile” will be your .htpasswd location path.

Now save the file and you are done. Once it is set up, you can try to access your website’s login page by visiting “yoursite.com/wp-admin” or “yoursite.com/wp-login.php” and you will see authentication required notification box. Here’s the screenshot how it looks like.

Authentication Required popup box

Now you have to enter your username and the password that you used for generating your .htpasswd file.

In the password field, you have to enter your actual password, not the encrypted one. After login in, you can access your WordPress login or admin page.

Fixing Front End Ajax Functionality

There are many WordPress plugins which use Ajax functionality in WordPress. By password protecting your WordPress login page, you are blocking all the Ajax functionality in your site. So, many WordPress plugins may not work properly if they are using Ajax functionality.

If you are using any plugin that is using Admin-Ajax functionality, then you can fix the issue by entering the following code to your .htaccess file.

Open your .htaccess file that is located in the wp-admin folder and copy the following code.

# Allow admin-ajax.php access
<files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</files>

That’s it. This way you can easily password protect your WordPress admin or login page. Now try to access your WordPress admin or login page, you will see an Authentication Required popup appearing.

I hope this tutorial helped you to password protect your WordPress admin(WP-Admin) or login(WP-login.php) page. If you are getting an error, do let us know in the comment section. If you like this tutorial, do share it with your friends.

 

Related Articles,

Jyoti Prakash Ray
 

Jyoti Ray is the founder of WPMyWeb.com. He writes about Blogging, WordPress tutorials, Hosting, Affiliate marketing etc. He mostly spends times on blogging, reading books and cooking.

Leave a Reply

avatar
  Subscribe  
Notify of

Send this to a friend