How to Prevent Unauthorized WordPress Login Attempts

February 23, 2017

These days, savvy hackers are always coming up with newer and better ways to get into the backends of websites, either to steal sensitive information or just to wreak havoc on the site. That’s why it’s important for website developers to take the necessary steps to protect their websites and prevent any unauthorized login attempts.

In this guide, we’ll show you how to limit access to the wp-admin directory and wp-login.php.

Step 1

Go to your Hosting cPanel account and log in.
Click on Directory Privacy under the Files Section.


Step 2

Click on Settings.


Step 3

Choose your domain from the Document Root drop-down menu in the pop-up box, then click on Save Changes.


Step 4

Click on the wp-admin directory.


Step 5

Check off the box beside Password protect this directory, name it, then save.


Step 6

Click Go Back.


Step 7

Click on Password Generator.


Step 8

Copy the password from the small pop-up window, then check off I have copied this password in a safe place.


Step 9

Type in your Username and click on Save.


Step 10

Try to access the wp-admin directory. The browser you are using will ask you for your password. Enter your username and password, then click Log In.


Step 11

The regular WordPress admin login display should now come up.


Step 12

Go to cPanel, and click on File Manager under the Files section.


Step 13

Click on Settings.


Step 14

Choose the Document Root for your website’s domain, then check Show Hidden Files, and click Save.


Step 15

Expand public_html from the directory listing on the left side. Click on wp-admin and right-click on .htaccess. Click Code Edit, then click on Edit one more time to bypass the encoding pop-up.


Step 16

Copy all the code found in the .htaccess file. Add the following code while this file is still open:

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user


Step 17

Click on public_html from the directory listing on the left side. Right-click on the .htaccess file, and click on Edit.


Step 18

Paste the .htaccess code that you copied earlier in between FilesMatch tags. Click Save Changes.

At this point, you’ll have a /wp-admin/.htaccess file that password-protects the /wp-admin directory. If an unauthorized person tries to log in directly from wp-admin.php, they’ll be prompted to enter valid credentials. If they don’t have them and enter invalid credentials, they will receive an Authorization Required error message and won’t be able to directly access your wp-admin.
