Password protecting your /wp-admin/ folder is an easy way to add additional protection against bots and other unauthorized access attempts. At Hands-On, if a bot fails this additional check several times, they will be automatically blocked in the firewall, preventing further access attempts. To complete this protection, follow the below 10 steps:
1. Login to cPanel
2. Click "Password Protect Directories" under "Security"
3. Click the text of "wp-admin"
4. Click the checkbox next to "Password protect this directory:"
5. Enter a phrase such as "Protected" in the "Name the protected directory:" box, then click save.
6. Click "Go back" after receiving the confirmation screen.
7. Under "Create User:", create a new username and password that must be entered when you visit yourdomain.com/wp-admin/, and click Add/Modify authorized user.
8. Go back to the main cPanel page, and open the file manager. Ensure "Show Hidden Files (dotfiles)" is selected with the pop-up when visiting the File Manager.
9. Navigate into the wp-admin folder, and click the .htaccess file to highlight it. Once it is highlighted, click "Code Editor" at the top and click "Edit"
10. At the bottom of the file, add the following code to allow wordpress to recognize this additional password protection, and click save:
ErrorDocument 401 default
You may now attempt to access your wp-admin/ folder again through the browser. As always, if you have any questions or concerns, please open up a support ticket through your client area
