WordPress Optimized!

More than just another WordPress site

Menu
Skip to content
  • Home
    • Privacy
    • Disclaimer
  • Index
  • Plugin
  • Errors
  • Troubleshooting
  • Security
  • Code Snippet
  • Performance
  • 2BearStudio
  • Posted on May 5, 2014July 11, 2014
  • by Jerry Wang

Password Protect wp-login.php

In previous post, I mentioned a security tip called “Password Protect WordPress Admin Directory (wp-admin) for Enhanced Security“. Beside http://your-url/wp-admin, there is another login link to your site, which is http://your-url/wp-login.php. Matter of fact, http://your-url/wp-admin still requires access to file wp-login.php, a file seating outside wp-admin folder. It makes sense to extend password protection strategy to wp-login.php as well.

On some sites,  password protecting wp-admin folder can break plugins that use Ajax on the front end. Password protecting wp-login.php becomes an alternative solution.

Applying same Apache authentication rule, we add following code to .htaccess file in website root directory. (Normally, /public_html/).

# Password Protect wp-login.php

    AuthUserFile "/path/to/your/directory/.htpasswd"
    AuthType Basic
    AuthName "Open Sesame"
    Require valid-user

For security purpose, I strongly recommend to save .htpasswd file to a separate folder other than the same directory as the .htaccess file. For example, if the website is located at “/home/user/public_html/”, it is much safer to keep the .htpasswd at “/home/user/.htpasswds/publich_html/”.

Again, for ease of use, if you want to exclude your very own developing machine (including other trusted users) from being asked for password on every visit, add the IP address to trusted list. The code in .htaccess now becomes

# Password Protect wp-login.php

    Order deny,allow
    Deny from all

    AuthUserFile "/path/to/your/directory/.htpasswd"
    AuthType Basic
    AuthName "Open Sesame"
    Require valid-user

    Allow from XXX.XXX.XXX.XXX
    Satisfy Any

 

Password Protect wp-login.php was last modified: July 11th, 2014 by Jerry Wang

Related posts:

  1. Manually Reset WordPress User Password
  2. Password Protect WordPress Admin Directory (wp-admin) for Enhanced Security
  3. WordPress Security Tips: What Should Be Done after WordPress Installation
  4. WordPress Security Tip: Lock Down File Access
  5. Better Way to Defeat WordPress Brute Force Attack
Posted in Code Snippet, SecurityTagged .htaccess, Files, Login, Security, wp-login.php

Post navigation

Prev Password Protect WordPress Admin Directory (wp-admin) for Enhanced Security
Next Manually Reset WordPress User Password

Recent Posts

  • Make Uncode theme working on your DreamHost shared hosting account
  • Remove /?doing_wp_cron from URL
  • My New iMac Setup Troubleshooting
  • How to Replace Huge Image with Optimized Version the Easy Way
  • How to disable Guternberg Editor – the new Block Editor in WordPress 5
  • How to increase Max Input Vars on DreamHost shared hosting account
  • How to Upgrade to WordPress 5.0 without losing Classic Editor
  • WordPress Security Tip – Avoid using these usernames
The Ultimate Managed Hosting Platform

Recommended WordPress Hosting

Web Hosting  Fastest WordPress Hosting

Coupon & Promotion

  • 10% saving on S2Member Pro (Single-site)
  • 10% saving on S2Member Pro (Unlimited-site)
  • Hostgator 25% off coupon: 25offhosing

WordPress Themes & Plugins

 

Tags

.htaccess 404 500 add_filter() Admin Archive Backup BackWPup Block Editor Coda Cron Custom Post Type DreamHost Email Error Guternberg Hack IfModule Login Membership Menu mobile password Performance PHP Plugin redirect Registration Responsive Revision Search Security Settings SSH Theme Troubleshooting Update WooCommerce wp- WP-CONFIG.PHP wp-login.php wp_query() wp_redirect() WP_TEMP_DIR WSOD

Recommended Plugins

  Gravity Forms Plugin for WordPress   s2Member® (WordPress Membership Plugin)

Categories

  • Code Snippet (30)
  • General (17)
  • Mobile (3)
  • Performance (9)
  • Plugin (23)
  • Security (17)
  • Troubleshooting (29)

Archives

© Copyright 2023 – WordPress Optimized!
Retina Theme by WPAisle ⋅ Powered by WordPress