How to Stop Unauthorized Login Attempts to WordPress?

0
1762

The security of WordPress can be hardened by incorporating wp-login php and wp-admin protection with password. Using a strong password is safe enough to stop unauthorized login attempts to wp-admin and wp-login.php in WordPress, which is also one of the best tips to secure a WordPress website. However, this also means that you are only putting one player of protection between your account and the hackers. Read this article and you will know how you can stop unauthorized login attempts to wp-admin and wp-login.php.

Password Protection for WordPress Logins

Password Protection for WordPress loginsThe steps mentioned below help you in creating a strong password protection for the directory of your wp-admin. These rules can also be used for the protection of your wp-login.php script for keeping your WordPress account secure.
You need to ensure that you got the following Error Document tags in your file of .htaccess in case you obtain a redirect loop:

In addition, you also need to ensure that you allow wp-admin/admin-ajax.php requests without creating any password protection.

Steps

Follow the steps in below to create password protection:
1. Go to the section of Security in your WordPress account and click on the option of Password Protect Directories. Now, select the second option for your website domain and click on Go.
Stop Unauthorized WordPress Login Attempts -1
The option of Password Protect Directories allows you requiring username and a password for getting an access to folders from the web. This is quite beneficial when it comes to limiting your access to a particular element of a website.

2. Now click on the wp-directory.
Stop Unauthorized WordPress Login Attempts -2
Now, check out the option of Password protect this directory. Dub it another name that you want and then Save it and click the button of Go Back.
Stop Unauthorized WordPress Login Attempts -2.1
3. Click on the option of Password Generator. After clicking on the Generate Password option for few times, copy your password. Now, do as what the screenshot shows in below.
Stop Unauthorized WordPress Login Attempts - 3
4. Type the username and then choose the option of Add/modify the authorized user.
Stop Unauthorized WordPress Login Attempts - 4
5. Now try to get an access to your directory of wp-admin. You will be prompted by your browser for your recently created password. Type your username and password and then click on the option of login.
Stop Unauthorized WordPress Login Attempts - 5
6. You will see your WordPress admin page of login.
Stop Unauthorized WordPress Login Attempts - 6
A redirect loop may appear in front of your computer screen at this point. If this happens, you need to make sure that you have already created the error documents that have been mentioned above.

7. Go back to your control panel. Click on the option of File Manager present under the section of files. Now, select the last option within Directory Selection, check first box behind the domain and then select Go.
Stop Unauthorized WordPress Login Attempts - 7
8. Expand public_html and check wp-admin and right click on the chosen .htaccess file. Click on the option of Edit. Click on edit again for bypassing that in order to encode pop-up.
Stop Unauthorized WordPress Login Attempts - 8
Next, copy all the code of the .htaccess file and click on the option of public_html from the left hand directory listing. Now, right click on the file of .htaccess and then choose the option of Edit.
Stop Unauthorized WordPress Login Attempts - 9
Paste the code of .htaccess that you already copied and paste it in between <FilesMatch> tags. This way, it would end up like:
Stop Unauthorized WordPress Login Attempts Code 1
Now, click on the option of Save Changes present on the top right corner.

Code Review

This way, you will be able to have /wp-admin/.htaccess file password that will protect your /wp-admin directory. Copy this same password to the main .htaccess file so you can protect the script of wp-login.php too.
Stop Unauthorized WordPress Login Attempts Code 3
In case someone attempts to login directly through wp-login.php, he will be stopped for a valid user.
Stop Unauthorized WordPress Login Attempts - 10
Stop Unauthorized WordPress Login Attempts - 11
When users type in the wrong credentials, they will see an Authorization Required error and they will not be allowed to login to your WordPress admin.