WP-Mix

A fresh mix of code snippets and tutorials

Protect the WordPress Admin

A secure way to protect your site’s admin area is to lock it down with HTTP Basic authentication, configured via .htaccess.

There are two parts to protecting the WordPress Admin. First, add the following directives to your site’s root .htaccess file:

<Files wp-login.php>
AuthUserFile /path/to/.htpasswd
AuthName "Restricted Area"
AuthType Basic
Require user username
</Files>

This protects the login page, which is outside of the actual admin directory. So next we want to secure the /wp-admin/ directory. Add the following directives to /wp-admin/.htaccess:

<Files *.php>
AuthUserFile /path/to/.htpasswd
AuthName "Restricted Area"
AuthType Basic
Require user username
</Files>

With both of these blocks in place, every request for the login page or for any PHP file in the admin area will require a valid username/password. Note that for these directives to work, you need to create a proper .htpasswd file, specify its path in both blocks of code, and replace username with a user listed in that file.
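A quick way to confirm that a deployed block is complete and no longer contains the tutorial's placeholder path, as an added example that is not part of the original post. The function name audit_htaccess, the sample paths under /home/example and the user alice are assumptions, and the check that the password file sits outside the document root is a common hardening practice rather than something the page states:

```python
import re
from pathlib import PurePosixPath

FILES_BLOCK = re.compile(r'<Files\s+"?([^">]+)"?\s*>(.*?)</Files>', re.S | re.I)

def audit_htaccess(text, target, docroot):
    """Return a list of problems in the Basic-auth <Files target> block."""
    bodies = [b for t, b in FILES_BLOCK.findall(text) if t.strip() == target]
    if not bodies:
        return [f"no <Files {target}> block"]
    # Map directive name (lower-cased) -> argument string, skipping comments.
    d = {}
    for line in bodies[0].splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            d[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    problems = []
    if d.get("authtype", "").lower() != "basic":
        problems.append("AuthType is not Basic")
    if not d.get("authname"):
        problems.append("AuthName missing")
    if not d.get("require", "").lower().startswith(("user ", "valid-user")):
        problems.append("no Require user / valid-user")
    pw = d.get("authuserfile", "").strip('"')
    if not pw:
        problems.append("AuthUserFile missing")
    elif pw.startswith("/path/to/"):
        problems.append("AuthUserFile still has the placeholder path")
    elif not pw.startswith("/"):
        problems.append("AuthUserFile is not an absolute path")
    elif PurePosixPath(docroot) in PurePosixPath(pw).parents:
        problems.append("password file is inside the document root")
    return problems

# Constructed samples: the page's block as published, then one filled in.
AS_PUBLISHED = """<Files wp-login.php>
AuthUserFile /path/to/.htpasswd
AuthName "Restricted Area"
AuthType Basic
Require user username
</Files>"""
FILLED_IN = AS_PUBLISHED.replace("/path/to/", "/home/example/").replace(
    "user username", "user alice")

if __name__ == "__main__":
    for name, text in [("as published", AS_PUBLISHED), ("filled in", FILLED_IN)]:
        print(name, "->", audit_htaccess(text, "wp-login.php", "/home/example/public_html"))
```

Run it against both the root .htaccess (target wp-login.php) and /wp-admin/.htaccess (target *.php); an empty list means the block passed every check.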
