WordPress is the most popular content management system used worldwide. This tutorial will help you set up password protection for the WordPress admin (wp-admin) directory and secure it from public access. So that
Step 1 – Generate .htpasswd File
If you have shell access, you can generate a .htpasswd file using the command line. First, create the directory structure where you want to place this file. It is good practice to put this file outside of the document root.
mkdir -p /etc/apache2/.htpasswds
touch /etc/apache2/.htpasswds/.htpasswd
Now use the following command to create the first user in .htpasswd. cPanel users can use their dashboard to generate this file. If you don’t have shell access, you can use an online htpasswd generator and put the resulting file on your server.
htpasswd -m /etc/apache2/.htpasswds/.htpasswd user1
Step 2 – Configure .htaccess
Now create a .htaccess file in the wp-admin directory on your server with the following content. Set AuthUserFile to the location of .htpasswd on your server.
# Password Protected wp-admin directory
AuthType basic
AuthName "Only Admin Allowed"
AuthUserFile /etc/apache2/.htpasswds/.htpasswd
AuthGroupFile /dev/null
require valid-user

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>
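The Order, Allow and Satisfy directives above are Apache 2.2 access-control syntax, which Apache 2.4 accepts only when mod_access_compat is loaded. The same policy in Apache 2.4's native mod_authz_core syntax, added here as an example that is not part of the original tutorial and reusing the tutorial's .htpasswd path:

```apache
# Password-protect the wp-admin directory (Apache 2.4 syntax)
AuthType Basic
AuthName "Only Admin Allowed"
AuthUserFile /etc/apache2/.htpasswds/.htpasswd
Require valid-user

# admin-ajax.php handles AJAX requests from the public site,
# so it is exempted from the password prompt
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Apache reads these directives from .htaccess only if AllowOverride for the directory permits authentication settings (AuthConfig).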
Step 3 – Access Your Website
Now visit your WordPress website home page. It will not prompt for any password. But when you navigate to the wp-admin directory, it will prompt for authentication.
5 Comments
It doesn’t work on Apache 2.4
Hi, This is still working for me. Make sure you have the “rewrite” module enabled in Apache.
Hello Kamil
How do I protect my wp-admin login page (back end) whilst also allowing subscribers to log in to my website (front end)?
Many thanks
Why do I need these lines of .htaccess?
Order allow,deny
Allow from all
Satisfy any
?
It’s because the admin-ajax.php script is still used by the public facing website for AJAX requests, so it needs to bypass the htaccess authentication. I must admit I’m not sure why this file is in the wp-admin directory if it’s used by the public site.