How to password protect WordPress login and admin page
In this article we will go over how you could secure your WordPress Login page. We will add one more additional password to your login page. Even before login page loads, user has to enter additional password to see login page.
How to protect WP-ADMIN URL with .htaccess? How to avoid WordPress Brute Force Attack? Prevent Brute Force Attacks on WordPress Login page.
Step 1: Login to cPanel
Once you login to your cPanel account, go to Files section and click on File Manager.
Step 2: Enable Hidden files
Clicking on File Manager will open new window. Click on Settings button on Top-Right corner. Click on Show Hidden Files (dotfiles) checkbox. You will be able to see all .dot files now.
Step 3: Verify the content of .htaccess file found in /home/<username>/public_html and /home/<username>/public_html/wp-admin
The .htaccess file under /home/<username>/public_html will have content like below:
The .htaccess file under /home/<username>/public_html/wp-admin will probably be empty or not there at all. Create a empty .htaccess file if does not exist.
Step 4: Now we will create username and password to lock the wp-admin access. Go to your cPanel account, go to Files section and click on Directory Privacy folder.
Step 5: Click on folder icon as shown. DO NOT click the text “public_html”
Step 6: On next screen click on TEXT “wp-admin”. DO NOT click on folder icon.
Step 7: On the new screen tick the checkbox “Password protect this directory”. and enter and enter a name for protected directory as shown. Click Save.
Step 9: Now create username and password who will have access to wp-admin folder:
Step 10: Click Go Back
Step 11: Now open the .htaccess file under /home/<username>/public_html/wp-admin. It should have content as shown:
Step 12: Add this text to it at bottom and save it:
Step 13: Copy the content of .htaccess from /home/<username>/public_html/wp-admin (leave the highlighted lines in previous step) and add to .htaccess file in /home/<username>/public_html as shown:
Step 13: Config is completed. wp-admin folder is secured now. Try to access your wp-admin url.
In Chrome it will show something like below:
In Internet explorer it will show like below:
Enter the username and password created for securing wp-admin folder. This will take you to proper WordPress login:
If someone click Cancel on wp-admin login popup then it will display this: