How to protect your WordPress website or make it more secure


As you read the title, you are probably wondering: isn't the wp-admin directory already password protected? You are required to log in, right? Well, that is true, but popular sites often add an extra layer of authentication on top of the WordPress login. A few days ago, we started seeing some suspicious activity on WPBeginner, so our host HostGator advised us to password protect our WordPress admin directory. Apparently popular sites like Mashable do the same. In this article, we will show you a step-by-step guide on how to password protect your WordPress admin (wp-admin) directory.

To keep things easy and simple, we will only cover cPanel web hosting companies here just because cPanel has an easy enough interface to add password protected directories.

Log in to your cPanel. Scroll down until you see the Security tab. Click on the “Password Protect Directories” icon.

When you click on that, a lightbox popup will show up asking for directory location. Just click on web root. Once you are there, navigate to the folder where your WordPress is hosted. Then click on the /wp-admin/ folder. You will see a screen like this:


Simply check the box to password protect the directory. Then create a user for the directory. That is it. Now when you try to access your wp-admin directory, you should see an authentication required box like this:

Manual Method

First create a .htpasswds file. You can do so easily by using this generator. Upload this file outside your /public_html/ directory. A good path would be:

home/user/.htpasswds/public_html/wp-admin/passwd/

Then, create a .htaccess file and upload it to the /wp-admin/ directory. Add the following code to it:

AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere

You must update your username in there. Also don’t forget to update the AuthUserFile location path.

I have a 404 Error or a Too many redirects error

Well this can happen depending on how your server is configured. To fix this issue, open your main WordPress .htaccess file and add the following code there before the WordPress rules start.
ErrorDocument 401 default
Well there you have it. Now you have double authentication for your WordPress admin area. This is a good alternative to limiting wp-admin access by IP address.
Update: Here is how to fix the Admin Ajax Issue
If you password protect your WordPress Admin directory, then it will break the Ajax functionality in the front-end (if it is being used). In our case, we don’t have any plugins that are using Ajax in the front-end. But if you do, then here is how you fix that issue.
Open the .htaccess file located in your /wp-admin/ folder (This is NOT the main .htaccess file that we edited above).
In the wp-admin .htaccess file, paste the following code:
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>
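
A check you can run on the wp-admin .htaccess before uploading it, covering both the manual method and the admin-ajax.php fix above. This is an added example, not code from the original article; the web root /home/yourdirectory/public_html and the username siteadmin are assumptions, and the admin-ajax.php finding only matters if front-end Ajax is in use.

```python
import posixpath
import re

# Constructed sample: the page's wp-admin .htaccess with a made-up username.
GOOD = """AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user siteadmin
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>
"""
# Constructed sample: password file under the web root, placeholder user kept.
BAD = """AuthType basic
AuthUserFile /home/yourdirectory/public_html/wp-admin/.htpasswd
require user putyourusernamehere
"""

def audit(text, docroot):
    """Return a list of findings for a wp-admin .htaccess using Basic auth."""
    top, blocks, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        opened = re.match(r'<Files\s+"?([^">]+)"?\s*>$', line, re.I)
        if opened:                                   # start of a <Files> section
            current = blocks.setdefault(opened.group(1), [])
        elif line.lower() == "</files>":
            current = None
        elif current is not None:                    # directive inside <Files>
            current.append(" ".join(line.lower().split()))
        elif line and not line.startswith("#"):      # top-level directive
            name, _, arg = line.partition(" ")
            top[name.lower()] = arg.strip()
    userfile = posixpath.normpath(top.get("authuserfile", "").strip('"'))
    root = posixpath.normpath(docroot)
    require = top.get("require", "")
    ajax = set(blocks.get("admin-ajax.php", []))
    checks = [
        (top.get("authtype", "").lower() != "basic", "AuthType is not Basic"),
        (userfile == ".", "AuthUserFile is missing"),
        # Compare whole path components: ".htpasswds/public_html" is outside.
        ((userfile + "/").startswith(root + "/"), "AuthUserFile is inside the web root"),
        (not require, "no Require directive"),
        ("putyourusernamehere" in require, "placeholder username not replaced"),
        (not {"allow from all", "satisfy any"} <= ajax, "admin-ajax.php is not exempted"),
    ]
    return [message for failed, message in checks if failed]
```

Call audit(text, docroot) with the file contents and your web root; an empty list means none of the checked mistakes were found. Order, Allow and Satisfy are Apache 2.2 directives; on Apache 2.4 they are provided by mod_access_compat.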
