Password protect WordPress login – wp-login.php

What is password protection?

It’s a smart feature to protect directories against accessing it from unauthorised users. In a cPanel server, we can simply create password protected directories via the control panel (Home >> Security >> Password Protect Directories). If we enable this feature, the system will prompt all users accessing that particular directory with a user name and password window. This provide a second layer of protection to our account on internet. Here I explain, how we can protect the WordPress login page from Brute Force Attack!

Why this topic?

Simply to save your accounts resources 😛 Chance of login attacks are high on WordPress websites as it has a known login page wp-login.php under the installation folder. A DoS to this page can slowdown your website and consume resources. If your WordPress domain is hosted in a CloudLinux platform, you will definitely face the “508 Resource Limit Is Reached” error on your web-page. Here we are going to protect the login page against Brute Force Attack. The steps are simple:

Creating “.htpasswd” file

Yeah, to do password protection first you need to create a .htpasswd file to store the secret authentication details. There are different options available to create this. In a cPanel server, we can create it from the control panel itself. Otherwise you can create this from this online tool >> HTPASSWD GENERATOR << The generated password must be in encrypted form. Then upload the file to your home directory, a best location should be in “/home/user/.htpasswds/public_html/test/wp-admin/“.

File name :: /home/user/.htpasswds/public_html/test/wp-admin/passwd

Then place the code in the WordPress installation directory

passwodpro1

Append the code pasted below into the .htaccess file under WP installation directory.


# copy this code to .htaccess, CryBit.com
# To prevent loops

ErrorDocument 401 default

# Protect wp-login
<Files wp-login.php>
AuthUserFile /home/user/.htpasswds/public_html/test/wp-admin/passwd
AuthName "Private access"
AuthType Basic
require valid-user
</Files>

NB : “ErrorDocument 401 default” this line will help you to avoid redirection error.

The above steps will re-prompt the login page:

passwodpro2

That’s it!

Also read;

How to reset WordPress admin/users password from Linux command line?
Database Upgrade Required – a detailed view!

Post navigation

Arunlal Ashok

Operations Engineer at Endurance International Group. Linux lover. Like to play on Linux console. I started this blog to share and discuss Linux thoughts.

Always happy for an open discussion! Write to arun (@) crybit (dot) com. Check about me for more details. About this blog and our strong members, check The team CryBit.com
We like to travel. Our travelogues are published at Trip Mentor

3 thoughts on “Password protect WordPress login – wp-login.php

  1. I was breaking my head here. I was having redirection problems. I insert “ErrorDocument 401 default” and it’s working.

    Thank you.

  2. Hi i am facing resource limit issue in my share hosting . domain name is ww.busrentdubai.ae
    our daily visitors are max 60 , which is nothing . but still we have an resource limit issue. we have WP website
    can any one help

Leave a Reply

Your email address will not be published. Required fields are marked *