How to Prevent Unauthorized WordPress Login Attempts

These days, savvy hackers are always coming up with newer and better ways to try to get into the backends of websites to either steal sensitive information or just to wreak havoc on the site. That’s why it’s important for website developers to take the necessary steps to protect their websites and prevent any unauthorized login attempts.

In this guide, we’ll show you how to limit access to the wp-admin directory and to wp-login.php.

Step 1

Go to your Hosting cPanel account and log in.
Click on Directory Privacy under the Files Section.


Step 2

Click on Settings.


Step 3

Choose your domain from the Document Root drop-down menu in the pop-up box, then click on Save Changes.


Step 4

Click on the wp-admin directory.


Step 5

Check off the box beside Password protect this directory, name it, then save.


Step 6

Click Go Back.


Step 7

Click on Password Generator.


Step 8

Copy the password from the small pop-up window, then check off I have copied this password in a safe place.


Step 9

Type in your Username and click on Save.


Step 10

Attempt to go in and access the wp-admin directory. The browser you are using will ask you for your password. Enter your username and password, then click Log In.


Step 11

The regular WordPress admin login display should now come up.


Step 12

Go to cPanel, and click on File Manager under the Files section.


Step 13

Click on Settings.


Step 14

Choose the Document Root for your website’s domain, then check Show Hidden Files, and click Save.


Step 15

Expand public_html from the directory listing on the left side. Click on wp-admin and right-click on .htaccess. Click Code Edit, then click on Edit one more time to bypass the encoding pop-up.


Step 16

Copy all the code found in the .htaccess file. Add the following code while this file is still open:

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user


Step 17

Click on public_html from the directory listing on the left side. Right-click on the .htaccess file, and click on edit.


Step 18

Paste the .htaccess code that you copied earlier in between FilesMatch tags. Click Save Changes.

At this point, you’ll have the /wp-admin/.htaccess file that offers password protection to the /wp-admin directory. If an unauthorized person tries to log in directly from wp-admin.php, they’ll be prompted to enter valid credentials. If they don’t have them and enter invalid credentials, they will receive an Authorization Required error message and won’t be able to directly access your wp-admin.
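The admin-ajax.php exemption in Step 16 is only safe when it is scoped to that one file. If `Satisfy any` and `Allow from all` end up at directory level, Apache stops asking for the password anywhere in wp-admin. The following check is an added example, not part of the original guide; the `audit` function and both sample files are constructed for illustration from the Step 16 snippet.

```python
import re

# Constructed sample: the wp-admin/.htaccess from Step 16, exemption wrapped in <Files>.
GOOD = """\
ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"
# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user
"""
# Constructed sample: the same file with the <Files> wrapper lost (e.g. in copy/paste).
BAD = re.sub(r"</?Files[^>]*>\n", "", GOOD)

OPEN = re.compile(r'<(?:FilesMatch|Files)\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r"</(?:FilesMatch|Files)\s*>", re.I)

def audit(htaccess):
    """Return a list of findings; an empty list means both checks passed."""
    findings, scope, has_auth = [], None, False
    for n, raw in enumerate(htaccess.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            scope = opened.group(1).strip()   # file the following lines apply to
        elif CLOSE.match(line):
            scope = None                      # back to directory-wide scope
        elif re.match(r"satisfy\s+any\b", line, re.I):
            if scope is None:
                findings.append(f"line {n}: 'Satisfy any' applies to the whole "
                                "directory, so no password is required")
            elif scope != "admin-ajax.php":
                findings.append(f"line {n}: 'Satisfy any' exempts {scope}")
        elif re.match(r"require\s+valid-user\b", line, re.I) and scope is None:
            has_auth = True
    if not has_auth:
        findings.append("no directory-wide 'require valid-user'")
    return findings

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(text) or "ok")
```

Run it against the contents of your own wp-admin/.htaccess after saving Step 16; any finding means the password prompt from Step 10 is not actually being enforced for every file.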

Written by

Dedicated to delivering effective and professional web design, Umberto Valenti founded UV Designs in 2010, a one-stop shop delivering web design and development services. With a background in business marketing and Economics.