Skip to main content

How to protect or make more secure your wordpress website

How to protect or make more secure your wordpress website


As you read the title, you are probably wondering isn’t the wp-admin directory already password protected. You are required to login right. Well that is true, but to add an additional layer of security popular sites often add an extra layer of authentication. Few days ago, we started seeing some suspicious activity on WPBeginner, so our host HostGator advised us to password protect our WordPress admin directory. Apparently popular sites like Mashable do the same. In this article, we will show you a step by step guide on how to password protect your WordPress admin (wp-admin) directory.

To keep things easy and simple, we will only cover cPanel web hosting companies here just because cPanel has an easy enough interface to add password protected directories.

Login to your cPanel. Scroll down till you see the Security Tab. Click on the “Password Protect Directories” icon.

When you click on that, a lightbox popup will show up asking for directory location. Just click on web root. Once you are there, navigate to the folder where your WordPress is hosted. Then click on the /wp-admin/ folder. You will see a screen like this:


Simply check the box to password protect the directory. Then create a user for the directory. That is it. Now when you try to access your wp-admin directory, you should see an authentication required box like this:

Manual Method

First create a .htpasswds file. You can do so easily by using this generator. Upload this file outside your /public_html/ directory. A good path would be:

home/user/.htpasswds/public_html/wp-admin/passwd/

Then, create a .htaccess file and upload it in /wp-admin/ directory. Then add the following codes in there:

AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere

You must update your username in there. Also don’t forget to update the AuthUserFile location path.

I have a 404 Error or a Too many redirects error

Well this can happen depending on how your server is configured. To fix this issue, open your main WordPress .htaccess file and add the following code there before the WordPress rules start.
1
ErrorDocument 401 default
Well there you have it. Now you have double authentication for your WordPress admin area. This is a good alternative to limiting wp-admin access by IP address.
Update: Here is how to fix the Admin Ajax Issue
If you password protect your WordPress Admin directory, then it will break the Ajax functionality in the front-end (if it is being used). In our case, we don’t have any plugins that is using ajax in the front-end. But if you do, then here is how you fix that issue.
Open the .htaccess file located in your /wp-admin/ folder (This is NOT the main .htaccess file that we edited above).
In the wp-admin .htaccess file, paste the following code:
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

Labels:

Comments

Post a Comment

Popular posts from this blog

Etisalat Payment Gateway Integration wordpress

Etisalat Payment Gateway Integration Wordpress What is Etisalat Payment Gateway? IPG (Etisalat Payment Gateway) is the only Payment Gateway in UAE offering electronic payment services especially in UAE and GCC countries. ... Etisalat Payment Gateway connects merchants (sellers of products) in a secure way with banks and financial institutions to process their transactions online. How do I pay my Etisalat bill online? Log on to www.etisalat.ae/quickpay to recharge your prepaid account easily, quickly and securely. Enter your mobile number, the amount, and pay using your credit or debit card. or you can integrate it to your website and receive payment via this gateway direct to you bank. How can I check my Etisalat offer? To check your balance: dial *121# To find prepaid offers and promotions: dial *101# To get Deal of the Day: dial *050# To transfer credit: type the command *100*mobile number*amount# and press ok. Etisalat Payment Gateway Integration wordpress ...
Post a Comment
Read more

Seamlessly Integrate Bexexpress API with WooCommerce for Efficient Shipping Management

 In today’s e-commerce world, efficient shipping management is crucial for providing a seamless customer experience. By integrating Bexexpress, a reliable shipping company, with WooCommerce via a custom WordPress plugin, businesses can automate shipping processes and keep their customers satisfied. What is Bexexpress and Why Choose It? Bexexpress is a trusted shipping and logistics service that offers timely delivery solutions. For WooCommerce store owners, integrating Bexexpress API helps simplify shipping processes and provides an easy way to track shipments in real-time. Bexexpress API WooCommerce integration plugin Benefits of Integrating Bexexpress API with WooCommerce Automated Shipping Calculations:  The integration enables automatic shipping cost calculation based on the customer’s location. Real-Time Tracking:  Display real-time tracking information directly in your WooCommerce store, keeping your customers informed. Improved Order Management:  Manage all o...
Post a Comment
Read more

7 Free Payment gateway india, zero transaction charges payment direct to bank account

ICICI bank payment gateway icici eazy pay and icici first data, most popular icici eazy pay are the example of payment gateway provide by ICICI bank, for different purpose. AXIS bank payment gateway Axis Bank’s world-class Internet Payment Gateway Solution allows you to accept payments on a 24 X 7 basis from around the world. We accept all local and international Visa, MasterCard and maestro cards. Axis bank provide robust transaction processes with enviable uptime and convenience. IPG is a premium service for Merchants with a transaction capable website. All transactions come with 128 bit security and two factor authentication via MasterCard Secure Code and Verified-by-Visa authentication. Merchants across categories such as Airlines, Online Travel Portals, Educational Institutions, Insurance Companies, Utilities, Govt. entities, Shopping portals, Multiplexes, Lifestyle & luxury merchants etc. have embraced our Card acceptance solutions. As a Merchant, availin...
Post a Comment
Read more