Enhancing the security of your WordPress website is a critical aspect of web administration. Password-protecting your /wp-admin/ directory adds an additional layer of security that can deter bots and unauthorized access attempts. If a bot or an unauthorized user fails this secondary authentication, they can be blocked at the firewall level, reducing the chances of a successful attack.
Here are the detailed steps to implement this level of protection:
Prerequisites
- Ensure you are logged in to your cPanel account
- Back up your .htaccess file and other critical data before proceeding
Steps
- Log in to cPanel: Access your cPanel account by visiting https://yourdomain.com:2083 or through the client area dashboard.
- Navigate to Security: Once logged in, look for the "Security" section and click on "Password Protect Directories."
- Locate wp-admin Directory: Scroll through the directory list and locate the "wp-admin" directory. Click on it to select it.
- Enable Password Protection: Tick the checkbox next to "Password protect this directory."
- Name the Protected Directory: In the text box labeled "Name the protected directory," enter a custom name such as "Protected Admin Area" and click "Save."
- Confirmation: Once saved, you will receive a confirmation screen. Click on "Go back."
- Create User Credentials: Under "Create User:", input a new username and a strong password. These credentials will be required for accessing https://yourdomain.com/wp-admin/. Click "Add/Modify Authorized User."
- Open File Manager: Return to the cPanel main dashboard and open the File Manager. Ensure that "Show Hidden Files (dotfiles)" is selected when prompted.
- Edit .htaccess File: Navigate to the "wp-admin" directory, locate and highlight the .htaccess file. Click on "Code Editor" and then click "Edit."
- Add Additional Code: At the end of the .htaccess file, append the following line to enable WordPress to recognize the new security feature:

    ErrorDocument 401 default

- After appending, click "Save."
Testing
To test the new security measure, attempt to access your /wp-admin/ directory. You should be prompted for the username and password you just created. If not, or if you encounter any issues, refer to our knowledge base for troubleshooting or submit a support ticket.
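
One way to script the check described under Testing, as an added example that is not part of the original article: it reads the response headers for /wp-admin/ and confirms that the server answers with a 401 and a Basic challenge whose realm matches the name entered in the "Name the protected directory" step. The function name check_wp_admin and both sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the response headers returned for /wp-admin/.
# Reads raw HTTP response headers on stdin, for instance from:
#   curl -sI https://yourdomain.com/wp-admin/ | check_wp_admin "Protected Admin Area"

check_wp_admin() {
    expected_realm=$1
    headers=$(tr -d '\r')                      # normalise CRLF line endings
    status=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
    # Header names are case-insensitive; keep only a Basic challenge.
    challenge=$(printf '%s\n' "$headers" |
        grep -i '^www-authenticate:[[:space:]]*basic' | head -n 1 || true)
    realm=$(printf '%s\n' "$challenge" | sed -n 's/.*realm="\([^"]*\)".*/\1/p')

    if [ "$status" != "401" ]; then
        echo "NOT PROTECTED: status $status, no authentication challenge"
        return 1
    elif [ -z "$challenge" ]; then
        echo "CHECK CONFIG: 401 returned without a Basic challenge"
        return 1
    elif [ "$realm" != "$expected_realm" ]; then
        echo "CHECK CONFIG: realm is '$realm', expected '$expected_realm'"
        return 1
    fi
    echo "PROTECTED: Basic challenge for realm '$realm'"
}

# Constructed sample responses (not captured from a real site).
# Directory protection active: the web server challenges before WordPress runs.
SAMPLE_PROTECTED='HTTP/1.1 401 Unauthorized
Date: Mon, 01 Jan 2024 00:00:00 GMT
WWW-Authenticate: Basic realm="Protected Admin Area"
Content-Type: text/html; charset=iso-8859-1'

# Directory protection missing: WordPress redirects straight to its login form.
SAMPLE_UNPROTECTED='HTTP/1.1 302 Found
Location: https://yourdomain.com/wp-login.php?redirect_to=https%3A%2F%2Fyourdomain.com%2Fwp-admin%2F&reauth=1
Content-Type: text/html; charset=UTF-8'

printf '%s\n' "$SAMPLE_PROTECTED" | check_wp_admin "Protected Admin Area"
printf '%s\n' "$SAMPLE_UNPROTECTED" | check_wp_admin "Protected Admin Area" || true
```

The function returns a non-zero exit status for anything other than a matching Basic challenge, so it can be used in a scheduled check that alerts when the protection disappears after a site migration or .htaccess rewrite.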