How to Password Protect Your WordPress Login (wp-login.php) Page
Do you want to password protect your WordPress login (WP-login.PHP) page? Well, it’s a smart move to protect your WordPress site from brute-force attacks.
Why? Because brute force attack is a hacking method where automated software is used to generate a large number of passwords to gain unauthorized access to your website. Now, if you are using a very week password, then it will be very easy for them to guess your password.
By password protecting your WordPress admin or login page, you are adding an extra layer of security to your WordPress login page. Because, it requires a password to access your WordPress login page, which is impossible by just guessing passwords.
In this tutorial, I will show you how to password protect your WordPress login page.
How to Password Protect WordPress Login Page
To protect your WordPress admin or login page, you need to login to your hosting cPanel. If you are using cPanel hosting, then it will be very easy for you.
Login to your hosting cPanel account and go to the root directory where your WordPress site is hosted.
There, you need to create a .htpasswd file which will contain your username and encrypted password. You can easily create an encrypted password using this tool.
After clicking on Create .htpasswd file, it will create an encrypted password for the htpasswd file.
Now create a .htpasswd file inside your wp-admin folder and copy the data that you have generated. After this, save the file.
In this step, create a new .htaccess file inside your wp-admin folder and copy the following code.
ErrorDocument 401 "Unauthorized" ErrorDocument 403 "Forbidden"
Now go to the root directory of your WordPress site and edit the .htacces file. This is the primary .htaccess file of your site. If there is no .htaccess file, you can easily create it. Then click on edit and enter the following code inside your .htaccess file.
ErrorDocument 401 "Unauthorized" ErrorDocument 403 "Forbidden" <filesmatch "wp-login.php"> AuthType Basic AuthName "WordPress Admin" AuthUserFile "/home/directory/public_html/domain.com/wp-admin/.htpasswd" require valid-user </filesmatch>
Note: Here the “AuthUserFile” will be your .htpasswd location path.
Now save the file and you are done. Once it is set up, you can try to access your website’s login page by visiting “yoursite.com/wp-admin” or “yoursite.com/wp-login.php” and you will see authentication required notification box. Here’s the screenshot how it looks like.
Now you have to enter your username and the password that you used for generating your .htpasswd file.
In the password field, you have to enter your actual password, not the encrypted one. After login in, you can access your WordPress login or admin page.
Fixing Front End Ajax Functionality
There are many WordPress plugins which use Ajax functionality in WordPress. By password protecting your WordPress login page, you are blocking all the Ajax functionality in your site. So, many WordPress plugins may not work properly if they are using Ajax functionality.
If you are using any plugin that is using Admin-Ajax functionality, then you can fix the issue by entering the following code to your .htaccess file.
Open your .htaccess file that is located in the wp-admin folder and copy the following code.
# Allow admin-ajax.php access <files admin-ajax.php> Order allow,deny Allow from all Satisfy any </files>
That’s it. This way you can easily password protect your WordPress admin or login page. Now try to access your WordPress admin or login page, you will see an Authentication Required popup appearing.
I hope this tutorial helped you to password protect your WordPress admin(WP-Admin) or login(WP-login.php) page. If you are getting an error, do let us know in the comment section. If you like this tutorial, do share it with your friends.
- How to Create a Temporary Login Without Password in WordPress
- How to Change WordPress Login URL for Better Security
- How to Add Security Questions to Your WordPress Login Page
- How to Login Limit Attempts in WordPress