WordPress - How To Prevent Unauthorized Login Attempts | UV Designs

These days, savvy hackers are always coming up with newer and better ways to try to get into the backends of websites to either steal sensitive information or just to wreak havoc on the site. That’s why it’s important for website developers to take the necessary steps to protect their websites and prevent any unauthorized login attempts.

In this guide, we’ll show you how to limit access to the wp-admin directory and wp-login.php.


Step 1

Go to your Hosting cPanel account and log in.
Click on Directory Privacy under the Files Section.



Step 2

Click on Settings.



Step 3

Choose your domain from the Document Root drop-down menu in the pop-up box, then click on Save Changes.



Step 4

Click on the wp-admin directory.



Step 5

Check off the box beside Password protect this directory, name it, then save.



Step 6

Click Go Back.



Step 7

Click on Password Generator.



Step 8

Copy the password from the small pop-up window, then check off I have copied this password in a safe place.



Step 9

Type in your Username and click on Save.



Step 10

Attempt to go in and access the wp-admin directory. The browser you are using will ask you for your password. Enter your username and password, then click Log In.



Step 11

The regular WordPress admin login display should now come up.



Step 12

Go to cPanel, and click on File Manager under the Files section.



Step 13

Click on Settings.



Step 14

Choose the Document Root for your website’s domain, then check Show Hidden Files, and click Save.



Step 15

Expand public_html from the directory listing on the left side. Click on wp-admin and right-click on .htaccess. Click Code Edit, then click on Edit one more time to bypass the encoding pop-up.



Step 16

Copy all the code found in the .htaccess file. Add the following code while this file is still open:

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

# Require a valid user for everything else in wp-admin
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user



Step 17

Click on public_html from the directory listing on the left side. Right-click on the .htaccess file, and click on Edit.



Step 18

Paste the .htaccess code that you copied earlier in between FilesMatch tags. Click Save Changes.

At this point, you’ll have the /wp-admin/.htaccess file that offers password protection to the /wp-admin directory. If an unauthorized person tries to log in directly from wp-admin.php, they’ll be prompted to enter valid credentials. If they don’t have them and enter invalid credentials, they will receive an Authorization Required error message and won’t be able to directly access your wp-admin.
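When editing these files by hand, the mistake to check for is an admin-ajax.php exception that is not enclosed in its own Files block: Satisfy any then applies to the whole directory and the password prompt no longer protects anything. The Python check below is an added example, not part of the original guide; the function name audit_htaccess and the sample file contents are constructed for illustration.

```python
import re

# Containers that scope directives to named files.
OPEN = re.compile(r'<(Files|FilesMatch)\s+"?([^">]+)"?\s*>$', re.I)
CLOSE = re.compile(r'</(Files|FilesMatch)>$', re.I)
REQUIRED = ("authtype", "authuserfile", "require")

def audit_htaccess(text):
    """Return findings for a Basic-auth .htaccess; an empty list means it passed."""
    findings, scope, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            scope.append(opened.group(2))
        elif CLOSE.match(line):
            if scope:
                scope.pop()
            else:
                findings.append(f"line {n}: closing tag with no opening tag")
        else:
            words = line.lower().split()
            seen.add(words[0])
            # At directory level, Satisfy any makes the password optional everywhere.
            if words[:2] == ["satisfy", "any"] and not scope:
                findings.append(f"line {n}: Satisfy any is not inside <Files>")
    findings += [f"unclosed container for {s}" for s in scope]
    findings += [f"missing directive: {d}" for d in REQUIRED if d not in seen]
    return findings

# Constructed sample: the wp-admin/.htaccess content from Step 16.
GOOD = '''ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"
# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user
'''
# Constructed sample: the same file with the <Files> wrapper lines lost.
BROKEN = "\n".join(l for l in GOOD.splitlines() if not l.startswith("<"))
print(audit_htaccess(BROKEN))
```

Run it against the contents of both .htaccess files after saving them; any finding means the file should be fixed before relying on the password prompt.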
