Thursday, November 15, 2012

Password Protect Your WordPress Admin Directory

Author: Gagan Masoun
A few days ago, I started seeing some suspicious activity on my other WordPress blogs, so our host company advised me to password protect my WordPress admin directory. Apparently popular sites like Mashable and Labnol do the same. In this article, we will show you a step-by-step guide on how to password protect your WordPress admin folder (wp-admin).


WordPress Installation Directory Has 3 Main Folders:

  1. The wp-content folder includes all your themes, plugins, images and other files.
  2. The wp-includes folder includes all the PHP functions.
  3. The wp-admin folder is the front-end for WordPress admin, authors and other members.

How To Secure wp-admin Directory Of WordPress With A Password

Step 1. Log in to your Linux shell and create a new directory that is not accessible from the web. For instance, if your WordPress is installed in /home/stiffin/example.com/mywordpress, you can create a folder as /home/stiffin/admin (you can choose any name).
$ mkdir /home/stiffin/admin
Step 2. Now you need to specify the username and password that will protect the wp-admin folder. This is independent of your Linux shell user name or your WordPress user.

Run the following command and remember to replace username with another name.
$ htpasswd -c /home/stiffin/admin/passwords username
Step 3. The above command will create a passwords file inside the /home/stiffin/admin folder. You can run the “cat” command to view the encrypted password stored in the passwords file. Now, tell Apache to use this password file to protect the wp-admin folder.

Go to your WordPress admin folder (at /home/stiffin/example.com/mywordpress/wp-admin/) and create a new .htaccess file (use the vi command, or create the .htaccess file on your desktop and upload it to the wp-admin folder using FTP).

Step 4. Paste the following text into your new .htaccess file and replace the folder path in Line #3 with your own actual path. Save the changes.

AuthType Basic
AuthName "WordPress Protected Area"
AuthUserFile /home/stiffin/admin/passwords
Require valid-user
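# Let front-end AJAX calls through without the extra password
<Files admin-ajax.php>
  Order allow,deny
  Allow from all
  Satisfy any
</Files>
# Static assets in wp-admin; a regex pattern needs FilesMatch, not Files
<FilesMatch "\.(css|gif|png|js)$">
  Order allow,deny
  Allow from all
  Satisfy any
</FilesMatch>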
Step 5. Go to the WordPress root folder (/home/stiffin/example.com/mywordpress), open the .htaccess file for editing and add the following lines outside the # BEGIN WordPress and # END WordPress block.
#Do not display Authorization Error Message
#Instead, redirect to the blog home page
ErrorDocument 401 / 
Save the file and you are done. All users of your WordPress (including you) will now have to enter two passwords to access the WordPress Admin dashboard.
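
The result of Steps 1 to 5 can be checked with a short audit script. This is an added example, not part of the original article; the function name check_wp_admin_auth, its two arguments (the WordPress folder and the web server's document root) and the temporary demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit the result of Steps 1-5.
# Usage: check_wp_admin_auth WP_DIR DOCROOT   (both arguments are assumptions)
# Prints one line per failed check; the return status is the number of failures.
check_wp_admin_auth() {
    wp_dir=$1; docroot=$2; fails=0
    ht="$wp_dir/wp-admin/.htaccess"
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    [ -f "$ht" ] || { fail "$ht not found"; return "$fails"; }

    # Step 4: the directives that switch Basic authentication on.
    for re in 'AuthType[[:space:]]+Basic' 'AuthName[[:space:]]+' \
              'AuthUserFile[[:space:]]+' 'Require[[:space:]]+valid-user'; do
        grep -Eiq "^[[:space:]]*$re" "$ht" || fail "no directive matching $re"
    done

    # Plain <Files "..."> takes a wildcard string, so a regex there matches no
    # file; Apache wants <FilesMatch "..."> or <Files ~ "..."> for a regex.
    if grep -Eiq '^[[:space:]]*<Files[[:space:]]+"?[^~"[:space:]][^">]*[\\|$]' "$ht"; then
        fail "regex inside plain <Files>; use <FilesMatch>"
    fi

    # Steps 1-3: the password file must exist, be non-empty, not be writable
    # by everyone, and sit outside the tree the web server publishes.
    pw=$(sed -n 's/^[[:space:]]*AuthUserFile[[:space:]]\{1,\}//p' "$ht" |
         head -n 1 | tr -d '"\r')
    [ -n "$pw" ] || return "$fails"
    [ -s "$pw" ] || { fail "password file $pw missing or empty"; return "$fails"; }
    [ -z "$(find "$pw" -perm -0002)" ] || fail "$pw is world-writable"
    root=$(cd "$docroot" && pwd -P) || { fail "$docroot not found"; return "$fails"; }
    case "$(cd "$(dirname "$pw")" && pwd -P)/" in
        "$root"/*) fail "$pw is inside the document root $root" ;;
    esac
    return "$fails"
}

# Constructed demo tree that mirrors the article's layout under a temp dir.
demo=$(mktemp -d)
mkdir -p "$demo/example.com/mywordpress/wp-admin" "$demo/admin"
echo 'username:constructed-hash-placeholder' > "$demo/admin/passwords"
chmod 640 "$demo/admin/passwords"
printf '%s\n' 'AuthType Basic' 'AuthName "WordPress Protected Area"' \
    "AuthUserFile $demo/admin/passwords" 'Require valid-user' \
    > "$demo/example.com/mywordpress/wp-admin/.htaccess"
check_wp_admin_auth "$demo/example.com/mywordpress" "$demo/example.com" &&
    echo "OK: wp-admin Basic auth setup passes all checks"
```

On a real server, call the function with your own WordPress folder and document root instead of the demo tree.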

Author
Author - Gagan Masoun is the owner of Blogs Daddy Blog. Gagan lives in India, has been blogging since 2010 and writing Blogs Daddy Blog since 2011. You can find him in the usual social networks.
