Last Updated: February 7, 2015
Anyone can easily guess how to reach your WordPress Admin Dashboard: by default it’s www.yoursite.com/wp-admin. Someone malicious can easily target that login URL with brute-force software that tries every username and password combination, which is why we should never use an easy-to-guess, word-based password.
One basic protection is to use .htaccess; I’ll show you how to do it.
First of all, create a file named .htpasswd locally, then generate a username and encrypted password using an .htpasswd generator. Copy the result and paste it into your newly created file.
Then upload the file to your server; you can put it somewhere inside or outside the public_html folder. In my case I put it into
The next step is to create the .htaccess file. Create it the same way you created the previous file; here’s my code:
ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"
# Allow plugin access to admin-ajax.php
# around password protection
Allow from all
AuthName "Admin Only"
and upload it to
You can test it by visiting your admin URL, yourdomain.com/wp-admin; you will be prompted by a dialog box requesting a username and password.
One more thing to do is to protect wp-login.php, which resides in the root of your WordPress installation. I use the code below to protect it; just add it after your WordPress’
AuthName "Login Required"
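A complete form of the two files described above, given as an added example rather than the author's original code, since the directives around the surviving fragments are missing from this page. The AuthUserFile path /home/USER/.htpasswd is a placeholder, and the <Files> wrappers and the choice of a location outside public_html are assumptions.

```apache
# ---- File 1: wp-admin/.htaccess (protects the whole admin directory) ----
ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

# Allow plugin access to admin-ajax.php around password protection.
# Front-end plugins call this endpoint on behalf of anonymous visitors,
# so it has to stay reachable without the Basic auth prompt.
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
    # On Apache 2.4 without mod_access_compat, replace the three
    # lines above with: Require all granted
</Files>

AuthType Basic
AuthName "Admin Only"
# Placeholder path (assumption): use the absolute filesystem path of
# the uploaded .htpasswd. A location outside public_html keeps the
# password hash file out of the web-served tree.
AuthUserFile /home/USER/.htpasswd
Require valid-user

# ---- File 2: .htaccess in the WordPress root (protects wp-login.php) ----
# Scoped with <Files> so only the login script asks for credentials
# and the public site stays open.
<Files wp-login.php>
    AuthType Basic
    AuthName "Login Required"
    AuthUserFile /home/USER/.htpasswd
    Require valid-user
</Files>
```

After uploading, an unauthenticated request to /wp-admin/ should return 401, while /wp-admin/admin-ajax.php should still answer without a prompt. Basic auth sends the credentials only base64-encoded, so serve the admin area over HTTPS.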
Well done, now your wp-admin is protected. There are actually a few more tricks for protecting your WordPress installation; I’ll share them in another post. Thanks for reading.