Facebook Twitter Instagram
    TecAdmin
    • Home
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    You are at:Home»CMS»WordPress»How to Password Protect WordPress Admin (wp-admin) URL

    How to Password Protect WordPress Admin (wp-admin) URL

    By RahulJanuary 1, 20172 Mins ReadUpdated:August 17, 2019

    WordPress is the most popular content management system used world-wide. This tutorial will help you to set up password-protected WordPress admin wp-admin directory and make it secure from public use. So that

    Advertisement

    Step 1 – Generate .htpasswd File

    If you have shell access, you can generate a .htpasswd file using the command line. First, create the directory structure where you want to place this file. It will good to put this file outside of document root.

    touch /etc/apache2/.htpasswds/.htpasswd
    

    Now use the following command to create the first user in .htpasswd. cPanel users can use their dashboard to generate this file. If you don’t have shell access, you can use online htpasswd generator it and put on your server.

    htpasswd -m /etc/apache2/.htpasswds/.htpasswd user1
    

    Step 2 – Configure .htaccess

    Now create a .htaccess under wp-admin directory on server and put following content. Update the location of AuthUserFile properly as per location of .htpasswd on your server.

    # Password Protected wp-admin directory
    AuthType basic 
    AuthName "Only Admin Allowed"
    AuthUserFile /etc/apache2/.htpasswds/.htpasswd 
    AuthGroupFile /dev/null
    require valid-user
    
    <Files admin-ajax.php>
        Order allow,deny
        Allow from all
        Satisfy any
    </Files>
    

    Step 3 – Access Your Website

    Now visit your WordPress website home page, It will not prompt for any password. But when you navigate to wp-admin directory, It will prompt for authentication.

    admin Password Protected security WordPress wp-admin
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp

    Related Posts

    10 Simple Ways to Speed Up Your WordPress Website

    10 Simple Ways to Speed Up Your WordPress Website

    How To Set Up SSH Keys in Linux

    How To Set Up SSH Keys in Linux

    Securing SSH Server in Linux

    How To Secure SSH Server

    View 5 Comments

    5 Comments

    1. Grzegorz Wronkowski on November 25, 2021 5:05 pm

      It doesn’t work on Apache 2.4

      Reply
      • Rahul on December 8, 2021 5:46 am

        Hi, This is still working for me. Make sure you have the “rewrite” module enabled in Apache.

        Reply
    2. Sally on August 18, 2019 10:38 am

      Hello Kamil
      How do I protect my wp-admin login page (back end) whist also allowing subscribers to log in to my website (front end)?
      Many thanks

      Reply
    3. kamil on June 1, 2019 5:11 am

      Why I need this lines of .htaccess?

      Order allow,deny
      Allow from all
      Satisfy any

      ?

      Reply
      • Alex Bovey on July 26, 2019 6:29 am

        It’s because the admin-ajax.php script is still used by the public facing website for AJAX requests, so it needs to bypass the htaccess authentication. I must admit I’m not sure why this file is in the wp-admin directory if it’s used by the public site.

        Reply

    Leave A Reply Cancel Reply

    Advertisement
    Recent Posts
    • Error: EACCES: permission denied, scandir (Resolved)
    • How To Install Python 3.11 on Ubuntu 22.04 / 20.04
    • How to Install Python 3.11 on Amazon Linux 2
    • An Introduction to the “./configure” Command: Compiling Source Code in Linux
    • How to Install PHP 8.x on Pop!_OS
    Facebook Twitter Instagram Pinterest
    © 2023 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.