How to Password Protect the WordPress wp-admin Directory in cPanel Print

  • 47

Enhancing the security of your WordPress website is a critical aspect of web administration. Password-protecting your /wp-admin/ directory adds an additional layer of security that can deter bots and unauthorized access attempts. If a bot or an unauthorized user fails this secondary authentication, they can be blocked at the firewall level, reducing the chances of a successful attack.

Here are the detailed steps to implement this level of protection:


  • Ensure you are logged in to your cPanel account
  • Backup your .htaccess file and other critical data before proceeding


  1. Log in to cPanel: Access your cPanel account by visiting or through the client area dashboard.

  2. Navigate to Security: Once logged in, look for the "Security" section and click on "Password Protect Directories."

  3. Locate wp-admin Directory: Scroll through the directory list and locate the "wp-admin" directory. Click on it to select it.

  4. Enable Password Protection: Tick the checkbox next to "Password protect this directory."

  5. Name the Protected Directory: In the text box labeled "Name the protected directory," enter a custom name such as "Protected Admin Area" and click "Save."

  6. Confirmation: Once saved, you will receive a confirmation screen. Click on "Go back."

  7. Create User Credentials: Under "Create User:", input a new username and a strong password. These credentials will be required for accessing Click "Add/Modify Authorized User."

  8. Open File Manager: Return to the cPanel main dashboard and open the File Manager. Ensure that "Show Hidden Files (dotfiles)" is selected when prompted.

  9. Edit .htaccess File: Navigate to the "wp-admin" directory, locate and highlight the .htaccess file. Click on "Code Editor" and then click "Edit."

  10. Add Additional Code: At the end of the .htaccess file, append the following line to enable WordPress to recognize the new security feature:

ErrorDocument 401 default

  1. After appending, click "Save."


To test the new security measure, attempt to access your /wp-admin/ directory. You should be prompted for the username and password you just created. If not, or if you encounter any issues, refer to our knowledge base for troubleshooting or submit a support ticket.

Was this answer helpful?

« Back