When you read the title, what did you think? What’s this nonsense, wp-admin is already protected. Well, that is true, but to add an additional layer of security popular sites often add an extra layer of authentication. Popular Site like Mashable & WPBeginner does the same to protect their Admin Directory. In this article, we will show you a step by step guide on How to Password Protect WordPress Admin (wp-admin) Directory.
In this article, we will cover cPanel Web Hosting Companies because it provides an easy interface to add password protected directories and also the manual method of doing so.
Watch the Video above, if you don’t like the video or want more details then continue reading..
Protecting wp-admin with Directory Privacy
First login to your cPanel account and then Navigate to Directory Privacy, it can be under Files section or also under Security section.
After you click on that it will take you to a new page where it will ask for the directory which you want to protect, click on public_html and then wp-admin.
Now create a user for the directory. That is it. Now when you try to access your wp-admin directory, you should see an authentication required box. You can log in with the username and password you’ve set for the directory.
If the above method didn’t work well or if you are getting any error then try the Manual Method. First, create a .htpasswds file. You can do so easily by using this generator. Now upload this file anywhere outside public_html directory.
After uploading the .htpasswd file, create a .htaccess in the directory which you want to protect, in this case make a .htaccess file under public_html/wp-admin.
Now add the following code there (in .htaccess file under wp-admin):
AuthName "Tricks Pit Admins Only" AuthUserFile /home/user/yourdirectory/.htpasswd AuthGroupFile /dev/null AuthType basic require user putyourusernamehere
You must update your username in there. Also don’t forget to update the AuthUserFile location path.
I am getting Error Too Many Redirects!
This can happen, I also faced this error. This totally depends on how your server is configured. To fix this open the main WordPress .htaccess file and add this code before WordPress rules start.
# Error Too Many Redirects - Fix ErrorDocument 401 default # Add this before WordPress Rules Start - TricksPit.com
Well there you have it. Now you have double authentication for your WordPress admin area. This adds an extra layer of security for your WordPress Admin Dashboard, but there are many more things that matter. Read – How to Manually Install WordPress Using cPanel.