In this guide I will walk you through limiting access to the /wp-admin directory, and the wp-login.php script, which will lock down and password protect your WordPress website from invalid login attempts.
If you haven't already, I'd suggest checking out my article about the WordPress brute force attack that has recently been going on that prompted me to write this article.
Using the steps below, I'll show you how to create password protection for your /wp-admin directory, as well as how to copy those rules over to also protect your wp-login.php script.
Please note that it's been reported to us in certain cases following these steps will result in a re-direct loop. If you're having that issue, please ensure you have the following two entries at the top of both .htaccess files:
ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"
<FilesMatch "wp-login.php"> AuthType Basic AuthName "Secure Area" AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd" require valid-user </FilesMatch>
Then click on Save Changes up at the top-right. Now if someone tries to directly login via wp-login.php they will be prompted for a valid user as well.
Congratulations, now you know how to protect your WordPress website from unauthorized login attempts, by requiring a username and password before an attempt to directly login to WordPress is even allowed.
n/a Points
|
2015-05-07 4:47 am
I am trying to deny access to WP-Login of my wordpress sites, and your instructions are somewhat unclear since there are no FilesMatch tags, and this is all I see: <Files 403.shtml> order allow,deny allow from all </Files>
|
Staff 12,339 Points
|
2015-05-07 4:00 pm
Hello Manuel,
Thank you for contacting us. You must create/add the " I recommend copying them from the example above. Thank you, John-Paul |
n/a Points
|
2017-08-04 2:10 pm
It worked like a charm. I just deleted the password protection for public_html. I nearly edited all php files in wordpress installation directory and now i figured out that the problem comes from cpanel. Thank you so much! |
Email: | support@WebHostingHub.com | Ticket: | Submit a Support Ticket |
---|---|---|---|
Call: |
877-595-4HUB (4482) 757-416-6627 (Intl.) |
Chat: | Click To Chat Now |
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!