Password protecting your /wp-admin/ folder is an effective method to enhance security against bots and other unauthorized access attempts. At Hands-On, if a bot fails this additional check several times, they will be automatically blocked in the firewall, preventing further access attempts. To implement this protection, follow these 10 steps:
- Log in to cPanel.
- Under "Security," click "Password Protect Directories."
- Locate and click the "wp-admin" directory.
- Check the box next to "Password protect this directory."
- Enter a phrase, such as "Protected," in the "Name the protected directory:" box, and then click "Save."
- After receiving the confirmation screen, click "Go back."
- Under "Create User:", create a new username and password that must be entered when you visit yourdomain.com/wp-admin/, and click "Add/Modify Authorized User."
- Return to the main cPanel page and open the File Manager. When prompted, ensure "Show Hidden Files (dotfiles)" is selected.
- Navigate to the wp-admin folder, and click the .htaccess file to highlight it. Once highlighted, click "Code Editor" at the top and click "Edit."
- At the bottom of the file, add the following code to enable WordPress to recognize this additional password protection, and click "Save":
ErrorDocument 401 default
You can now try accessing your wp-admin/ folder through the browser. If you encounter any issues or have questions, please open a support ticket through your client area.