WP-Mix

A fresh mix of code snippets and tutorials

Protect the WordPress Admin

A secure way to protect your site’s admin area is to lock it down with .htaccess.

There are two parts to protecting the WordPress Admin. First, add the following directives to your site’s root .htaccess file:

<Files wp-login.php>
AuthUserFile /path/to/.htpasswd
AuthName "Restricted Area"
AuthType Basic
Require user username
</Files>

This protects the login page, which is outside of the actual admin directory. So next we want to secure the /wp-admin/ directory. Add the following directives to /wp-admin/.htaccess:

<Files *.php>
AuthUserFile /path/to/.htpasswd
AuthName "Restricted Area"
AuthType Basic
Require user username
</Files>

With both of these codes in place, all requests for the login page or anything in the admin area will require a valid username/password. Note that in order for these directives to work, you need to create a proper .htpasswd file and specify its path in both blocks of code.

Learn more

Digging Into WordPressWordPress Themes In DepthWizard’s SQL Recipes for WordPress

WordPress Resources

[ .htaccess made easy ] [ SAC Pro: WordPress Chat Plugin ] [ The Tao of WordPress ] [ Digging Into WordPress ] [ Wizard’s Collection: SQL Recipes for WordPress ] [ WordPress Themes In Depth ]

Subscribe to WP-Mix

Project Demos

Popular Posts

Recent Posts

Random Posts

RSS Feed

Grab the RSS Feed ›

1389 readers
Feed Statistics
About the Author

Jeff Starr is a professional developer, designer, author, and publisher with over 15 years of experience. He writes books and tutorials, develops plugins, and runs his own business.

About the Site

WP-Mix is where I share code snippets, tricks, and tips. WP-Mix was launched in October 2012, and now features 409 posts. You can check out the latest post published on May 2, 2023. Learn more ›

Contact

A few ways to connect:

© 2012–2024 Monzilla Media shapeSpace Sitemap Feed Privacy Made in the USA