How to Password Protect WordPress Admin (wp-admin) URL

Password Protect WordPress Admin

WordPress is the most popular CMS used worldwide. I am preparing this tutorial in order to help you set up a password-protected WordPress admin/wp-admin directory and make it secure from public use.

Here is the way to password protect WordPress Admin URL

First, create a new .htpasswd file, or use the generator to generate it. Upload this file to the directory above the root directory of the website, for example:

home / user / .htpasswd / public_html / wp-admin / passwd /

or

home / user / .htpasswd / www / wp-admin / passwd /

Then create a new .htaccess file and upload it to the / wp-admin / directory, and add the following code to the file:

AuthName "Admins Only"

AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd

AuthGroupFile / dev / null

AuthType basic

require user your username

Replace the “your username” in the above code with your own, don’t forget to change the path of AuthUserFile to your own, if the specified path is not known, create a new PHP file and copy the following code. Then save it as fullpath.php. Upload the file to the wp-content directory, and then enter http://yourdomain.com/wp-content/fullpath.php in the browser to see the complete directory path of the site in the server.

<? php $ dir = dirname (__ FILE__); echo "Full path to this dir:". $ dir. ""; echo "Full path to a .htpasswd file in this dir:". $ dir. "/.htpasswd" . "";?>

Now when you visit your WordPress website home page, It will not prompt for any password. But when you navigate to wp-admin directory, it will prompt for authentication, and this way you will be able to password Protect WordPress Admin (wp-admin).

If a 404 error or infinite redirect error is encountered

This error has a certain relationship with your server configuration. Open the main .htaccess file of  WordPress and add the following code at the front of the WordPress rules to fix it.

ErrorDocument 401 default

Now the WordPress administrator background has dual password authentication. This is a very good alternative to restricting access to wp-admin by IP address.

How to fix Admin Ajax issues

Protecting the administrator with a password will disable the Ajax function on the front page (if the front page uses ajax). If a site is using it, the following is the solution.

Open the .htaccess file located in the / wp-admin / directory (note: not the one in the root directory of the website), and copy the following code into it:

<Files admin-ajax.php>

Order allow, deny

Allow from all

Satisfy any

</ Files>

You May Also Like

About the Author: BW

1 Comment

  1. Pingback: Limit WordPress Login Attempts: Why & How to Do it (Easy & Free) - Tips

Leave a Reply

Your email address will not be published. Required fields are marked *