How to protect wp-admin folder yourself:
1. Log on to cPanel
2. From menu File Manager -> search for folder you want to protect with additional password, make a mouse right button click on this folder and choose “Password Protect” from the drop down menu
3. Enter:
– Secure area name
– Secure area username
– Secure area password (NB! Recommended password is 20 char long, contains a-z A-Z 0-9 ,.#!$* and can not be guessed by dictionary attack.)
wp-admin folder is now secured.
How to secure wp-login.php:
1. From cPanel go to File Manager -> search for WP root folder (folder where WP is installed) , open/create .htaccess from/for that folder.
2. Add to .htaccess before #Wordpress begin# tags the same code You generated for wp-admin folder .htaccess
Sample code:
01 |
ErrorDocument 401 "Access Denied" |
02 |
ErrorDocument 403 "Access Denied" |
04 |
<FilesMatch "wp-login.php"> |
05 |
AuthGroupFile /dev/null |
07 |
AuthUserFile /home/YOURUSERNAME/domains/YOURDOMAIN/.htpasswd/public_html/wp-admin/.htpasswd |
08 |
AuthName "YOURSECUREAREANAME" |
13 |
<Files admin-ajax.php> |
In case of errors:
1. Error 404 or constant “redirect loop”
You have forgot/needed to add following code to WP root folder .htaccess file at the beginning:
1 |
ErrorDocument 401 "Access Denied" |
2 |
ErrorDocument 403 "Access Denied" |
2. WP index page is asking for password although You secured wp-admin folder only
– Check that You secured certainly only wp-admin folder and not WP root folder
– It is possible that Your WP installation is using some third party plugin that is redirecting via admin-ajax.php . As that file resides in wp-admin folder – Password and username are being asked. Solution would be to add following lines to WP root folder .htaccess and wp-admin folder .htaccess: