
Password Protect your WordPress Admin Folder

WordPress websites and blogs are prone to brute-force attacks, and a recommended way to defend your site against such attacks is to protect your wp-admin folder with a password. Let me explain.
Your WordPress installation directory has three main folders:
  • the wp-content folder includes all your themes, plugins, images and other uploaded files.
  • the wp-includes folder includes all the PHP functions that actually run WordPress.
  • the wp-admin folder is the front-end for WordPress admin, authors and other members.
Unlike the public HTML pages and images of your WordPress website, the Admin dashboard area requires a username and password and is thus accessible only to “authorized” users. However, to make your WordPress more secure, you can add an extra layer of security to the wp-admin folder so that even authorized users can’t just get in with their WordPress passwords.

Secure wp-admin directory of WordPress with a Password

Here’s a step by step guide on how to password protect the wp-admin folder of WordPress. This assumes that you have installed WordPress on a Linux machine with the Apache web server.
Step 1. Log in to your Linux shell and create a new directory that is not accessible from the web. For instance, if your WordPress is installed in /home/peter/example.com/wordpress, you can create a folder as /home/peter/admin (you can give any name).
Step 2. Now we need to specify the username and password that will protect the wp-admin folder. This is independent of your Linux shell user name or your WordPress user.
Run the following command and remember to replace username with another name.
Step 3. The above command will create a passwords file inside the /home/peter/admin folder. You can run the “cat” command to view the hashed htaccess password stored in the passwords file. Next we need to tell Apache to use this passwords file to protect the wp-admin folder.
Go to your WordPress admin folder (at /home/peter/example.com/wordpress/wp-admin/) and create a new .htaccess file (use the vi command, or create the .htaccess file on your desktop and upload it to the wp-admin folder using FTP).
Step 4. Paste the following text into your new .htaccess file and replace the folder path in Line #3 with your own actual path. Save the changes.
Step 5. Switch to the WordPress root folder (/home/peter/example.com/wordpress), open the .htaccess file for editing and add the following lines outside the #BEGIN WordPress and #END WordPress block.


Save the file and you are done. All users of your WordPress (including you) will now have to enter two passwords to access the WordPress Admin dashboard.
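The five steps above as one script; this is an added example, not the article's own commands, which are not shown on the page. The function names, the `AuthName` text and the `ErrorDocument 401 default` line (a commonly used line that makes Apache serve its built-in 401 page rather than routing it through WordPress's rewrite rules) are assumptions, and the script also checks that the password directory really sits outside the web root.

```shell
#!/bin/sh
# Added example. Paths are the article's sample values; the directive text is
# an assumption, because the page's own snippets are not shown.

# Step 1 check: succeed only if directory $1 is NOT inside web root $2.
outside_webroot() {
    dir=$(cd "$1" && pwd -P) || return 2
    root=$(cd "$2" && pwd -P) || return 2
    case "$dir/" in
        "$root"/*) return 1 ;;   # same directory or a subdirectory: web-reachable
        *) return 0 ;;
    esac
}

# Step 4: write wp-admin/.htaccess; line 3 carries the password file path ($2).
write_admin_htaccess() {
    cat > "$1/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "$2"
Require valid-user
EOF
}

# Step 5: append once to the root .htaccess ($1). Appending keeps the line
# outside the "# BEGIN WordPress" / "# END WordPress" block.
add_401_document() {
    grep -qx 'ErrorDocument 401 default' "$1" 2>/dev/null && return 0
    printf '%s\n' 'ErrorDocument 401 default' >> "$1"
}

# Steps 1-5 together. $1 = WordPress root (assumed to be the document root),
# $2 = password directory, $3 = Basic-auth user name.
protect_wp_admin() {
    mkdir -p "$2" || return 1
    outside_webroot "$2" "$1" || { echo "$2 is inside the web root" >&2; return 1; }
    pw_file="$(cd "$2" && pwd -P)/passwords"
    # -c creates the file, -B stores a bcrypt hash; prompts for the password.
    htpasswd -c -B "$pw_file" "$3" || return 1
    write_admin_htaccess "$1/wp-admin" "$pw_file"
    add_401_document "$1/.htaccess"
}

# e.g. sh protect.sh /home/peter/example.com/wordpress /home/peter/admin editor
if [ "$#" -eq 3 ]; then protect_wp_admin "$@"; fi
```

Plugins that call wp-admin/admin-ajax.php from public pages will also hit the Basic-auth prompt, so check front-end features after enabling this.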
