
Password Protect your WordPress Admin Folder

WordPress websites and blogs are prone to brute-force attacks, and a recommended way to protect your site against such attacks is to protect your wp-admin folder with a password. Let me explain.
Your WordPress installation directory has three main folders:
  • the wp-content folder includes all your themes, plugins, images and other uploaded files.
  • the wp-includes folder includes all the PHP functions that actually run WordPress.
  • the wp-admin folder is the front-end for WordPress admin, authors and other members.
Unlike the public HTML pages and images of your WordPress website, the Admin dashboard area requires a username and password and is thus accessible only to “authorized” users. However, to make your WordPress more secure, you can add an extra layer of security to the wp-admin folder so that even authorized users can’t just get in with their WordPress passwords.

Secure wp-admin directory of WordPress with a Password

Here’s a step-by-step guide on how to password protect the wp-admin folder of WordPress. This assumes that you have installed WordPress on a Linux machine with the Apache web server.
Step 1. Log in to your Linux shell and create a new directory that is not accessible from the web. For instance, if your WordPress is installed in /home/peter/example.com/wordpress, you can create a folder as /home/peter/admin (you can give any name).
Step 2. Now we need to specify the username and password that will protect the wp-admin folder. This is independent of your Linux shell user name or your WordPress user.
Run the following command and remember to replace username with another name.
Step 3. The above command will create a passwords file inside the /home/peter/admin folder. You can run the “cat” command to view the encrypted htaccess password stored in the passwords file. Next we need to tell Linux to use this password to protect the wp-admin folder.
Go to your WordPress admin folder (at /home/peter/example.com/wordpress/wp-admin/) and create a new .htaccess file (use the vi command, or create the .htaccess file on your desktop and upload it to the wp-admin folder using FTP).
Step 4. Paste the following text into your new .htaccess file and replace the folder path in Line #3 with your own actual path. Save the changes.
Step 5. Switch to the WordPress root folder (/home/peter/example.com/wordpress), open the .htaccess file for editing and add the following lines outside the #BEGIN WordPress and #END WordPress block.


Save the file and you are done. All users of your WordPress (including you) will now have to enter two passwords to access the WordPress Admin dashboard.
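
The five steps above as one shell script, added here as an example; it is not the article's own code, whose command and .htaccess snippets do not appear on this page. The htpasswd call, the Basic-auth directives and the `ErrorDocument 401 default` line are assumptions consistent with the steps, the function names are hypothetical, and the last function adds a check that the password file really sits outside the web root.

```shell
#!/bin/sh
# Added example. Paths follow the article's sample layout; the directive
# text is an assumption, since the page's own snippets are not shown.

# Steps 1-2: private directory plus password file (htpasswd prompts for it).
create_password_file() {            # $1 = private dir, $2 = auth user name
    mkdir -p "$1" || return 1
    htpasswd -c "$1/passwords" "$2" # -c creates the file, replacing any old one
}

# Steps 3-4: write wp-admin/.htaccess; AuthUserFile lands on line 3.
write_admin_htaccess() {            # $1 = wp-admin dir, $2 = password file
    cat > "$1/.htaccess" <<EOF
AuthType Basic
AuthName "Admin Area"
AuthUserFile $2
Require valid-user
EOF
}

# Step 5: add one line to the root .htaccess, outside the WordPress block.
# Appending at the end keeps it outside; the grep makes the call repeatable.
add_401_default() {                 # $1 = WordPress root folder
    line='ErrorDocument 401 default'
    grep -qxF "$line" "$1/.htaccess" 2>/dev/null ||
        printf '\n%s\n' "$line" >> "$1/.htaccess"
}

# Check: the password file must exist and must not sit under the web root,
# where it could be fetched over HTTP.
password_file_is_private() {        # $1 = wp-admin dir, $2 = web root
    pw=$(sed -n 's/^AuthUserFile[[:space:]]*//p' "$1/.htaccess")
    [ -n "$pw" ] || return 1
    case "$pw" in
        "$2"/*) return 1 ;;         # inside the site tree
    esac
    [ -f "$pw" ]
}

# Usage with the article's paths:
#   create_password_file /home/peter/admin username
#   write_admin_htaccess /home/peter/example.com/wordpress/wp-admin /home/peter/admin/passwords
#   add_401_default /home/peter/example.com/wordpress
#   password_file_is_private /home/peter/example.com/wordpress/wp-admin /home/peter/example.com/wordpress
```

Apache reads the password file itself, so the account the web server runs as needs read access to it.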
