How to Password Protect Your WordPress Login (wp-login.php) Page

Do you want to password protect your WordPress login (WP-login.PHP) page? Well, it’s a smart move to protect your WordPress site from brute-force attacks.

Why? Because brute force attack is a hacking method where automated software is used to generate a large number of passwords to gain unauthorized access to your website. Now, if you are using a very week password, then it will be very easy for them to guess your password.

By password protecting your WordPress admin or login page, you are adding an extra layer of security to your WordPress login page. Because, it requires a password to access your WordPress login page, which is impossible by just guessing passwords. 

In this tutorial, I will show you how to password protect your WordPress login page.

How to Password Protect WordPress Login Page

To protect your WordPress admin or login page, you need to login to your hosting cPanel. If you are using cPanel hosting, then it will be very easy for you.

Login to your hosting cPanel account and go to the root directory where your WordPress site is hosted.

There, you need to create a .htpasswd file which will contain your username and encrypted password. You can easily create an encrypted password using this tool.

Htpasswd Generator

After clicking on Create .htpasswd file, it will create an encrypted password for the htpasswd file.

htpasswd created password

Now create a .htpasswd file inside your wp-admin folder and copy the data that you have generated. After this, save the file.

In this step, create a new .htaccess file inside your wp-admin folder and copy the following code.

ErrorDocument 401 "Unauthorized"
ErrorDocument 403 "Forbidden"

Now go to the root directory of your WordPress site and edit the .htacces file. This is the primary .htaccess file of your site. If there is no .htaccess file, you can easily create it. Then click on edit and enter the following code inside your .htaccess file.

ErrorDocument 401 "Unauthorized"
ErrorDocument 403 "Forbidden"
<filesmatch "wp-login.php">
AuthType Basic
AuthName "WordPress Admin"
AuthUserFile "/home/directory/public_html/"
require valid-user

Note: Here the “AuthUserFile” will be your .htpasswd location path.

Now save the file and you are done. Once it is set up, you can try to access your website’s login page by visiting “” or “” and you will see authentication required notification box. Here’s the screenshot how it looks like.

Authentication Required popup box

Now you have to enter your username and the password that you used for generating your .htpasswd file.

In the password field, you have to enter your actual password, not the encrypted one. After login in, you can access your WordPress login or admin page.

Fixing Front End Ajax Functionality

There are many WordPress plugins which use Ajax functionality in WordPress. By password protecting your WordPress login page, you are blocking all the Ajax functionality in your site. So, many WordPress plugins may not work properly if they are using Ajax functionality.

If you are using any plugin that is using Admin-Ajax functionality, then you can fix the issue by entering the following code to your .htaccess file.

Open your .htaccess file that is located in the wp-admin folder and copy the following code.

# Allow admin-ajax.php access
<files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any

That’s it. This way you can easily password protect your WordPress admin or login page. Now try to access your WordPress admin or login page, you will see an Authentication Required popup appearing.

I hope this tutorial helped you to password protect your WordPress admin(WP-Admin) or login(WP-login.php) page. If you are getting an error, do let us know in the comment section. If you like this tutorial, do share it with your friends.


Related Articles,

*This post may have affiliate links, which means I may receive a small fee if you choose to purchase through my links (at no extra cost to you). This helps us to keep WPMyWeb up and running and up-to-date. Thank you if you use our links, we really appreciate it! Learn more.

Sharing is Caring
Jyoti Ray

Jyoti Ray is the founder of He writes about Blogging, WordPress tutorials, Hosting, Affiliate marketing etc. He mostly spends times on blogging, reading books and cooking.

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
blumen verschicken Blumenversand
blumen verschicken Blumenversand
Reinigungsservice Reinigungsservice Berlin
küchenrenovierung küchenfronten renovieren küchenfront erneuern