WordPress security can be hardened by adding password protection to wp-login.php and wp-admin. Using a strong password is safe enough to stop unauthorized login attempts to wp-admin and wp-login.php in WordPress, and it is also one of the best tips for securing a WordPress website. However, this also means that you are putting only one layer of protection between your account and the hackers. Read this article to learn how to stop unauthorized login attempts to wp-admin and wp-login.php.
Password Protection for WordPress Logins
The steps below help you set up strong password protection for your wp-admin directory. The same rules can also be used to protect your wp-login.php script and keep your WordPress account secure.
If you get a redirect loop, make sure the following ErrorDocument directives are in your .htaccess file:
In addition, make sure that requests to wp-admin/admin-ajax.php are allowed without password protection.
Steps
Follow the steps below to create password protection:
1. Go to the Security section in your WordPress account and click Password Protect Directories. Select the second option for your website domain and click Go.
The Password Protect Directories option lets you require a username and password to access folders from the web. This is useful for limiting access to a particular part of a website.
2. Now click on the wp-directory.
Check the option Password protect this directory. Give it any name you want, click Save, and then click Go Back.
3. Click Password Generator. Click Generate Password a few times, then copy your password. Now do as the screenshot below shows.
4. Type the username and then choose the option Add/modify the authorized user.
5. Now try to access your wp-admin directory. Your browser will prompt you for your recently created password. Type your username and password and then click the login option.
6. You will see your WordPress admin login page.
A redirect loop may occur at this point. If it does, make sure that you have already created the error documents mentioned above.
7. Go back to your control panel. Click File Manager under the Files section. Select the last option within Directory Selection, check the first box behind the domain, and then select Go.
8. Expand public_html, select wp-admin, and right-click the .htaccess file. Click Edit, then click Edit again to bypass the encoding pop-up.
Next, copy all the code in the .htaccess file and click public_html in the left-hand directory listing. Right-click the .htaccess file there and choose Edit.
Paste the .htaccess code that you copied between <FilesMatch> tags. It should end up like:
Now click Save Changes in the top right corner.
Code Review
The /wp-admin/.htaccess file now password-protects your /wp-admin directory. Copying the same password protection code into the main .htaccess file protects the wp-login.php script too.
If someone attempts to log in directly through wp-login.php, they will be stopped and asked for a valid user.
When users type in the wrong credentials, they will see an Authorization Required error and will not be allowed to log in to your WordPress admin.
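The layout described above, written out as an added example (it is not the code from the original article): one block for the main .htaccess and one for /wp-admin/.htaccess. It assumes Apache 2.4 syntax; the AuthUserFile path, the EXAMPLE_USER name, the AuthName text and the choice of `default` for the ErrorDocument lines are placeholders and assumptions, so use the values your control panel generated.

```apache
# ---- /public_html/.htaccess (main file, site root) ----
# Serve Apache's built-in error pages for 401/403 so the response is not
# routed through WordPress rewrite rules (the redirect-loop case above).
ErrorDocument 401 default
ErrorDocument 403 default

# Require HTTP Basic authentication before wp-login.php is executed.
# Basic auth credentials are only base64-encoded, so serve the site over HTTPS.
<FilesMatch "^wp-login\.php$">
    AuthType Basic
    AuthName "Restricted"
    # Placeholder path: point this at the password file created in step 4.
    AuthUserFile "/home/EXAMPLE_USER/.htpasswds/public_html/wp-admin/passwd"
    Require valid-user
</FilesMatch>

# ---- /public_html/wp-admin/.htaccess ----
# Every request under /wp-admin/ needs a valid user from the same file.
AuthType Basic
AuthName "Restricted"
AuthUserFile "/home/EXAMPLE_USER/.htpasswds/public_html/wp-admin/passwd"
Require valid-user

# Plugins and themes call admin-ajax.php on behalf of logged-out visitors,
# so exempt that single file from the password prompt.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

To check the result, request wp-login.php and wp-admin/ without credentials and confirm both return 401 Authorization Required, while wp-admin/admin-ajax.php is answered without a password prompt.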