Password protect WordPress login – wp-login.php
What is password protection?
It’s a smart feature to protect directories against accessing it from unauthorised users. In a cPanel server, we can simply create password protected directories via the control panel (Home >> Security >> Password Protect Directories). If we enable this feature, the system will prompt all users accessing that particular directory with a user name and password window. This provide a second layer of protection to our account on internet. Here I explain, how we can protect the WordPress login page from Brute Force Attack!
Why this topic?
Simply to save your accounts resources 😛 Chance of login attacks are high on WordPress websites as it has a known login page wp-login.php under the installation folder. A DoS to this page can slowdown your website and consume resources. If your WordPress domain is hosted in a CloudLinux platform, you will definitely face the “508 Resource Limit Is Reached” error on your web-page. Here we are going to protect the login page against Brute Force Attack. The steps are simple:
Creating “.htpasswd” file
Yeah, to do password protection first you need to create a .htpasswd file to store the secret authentication details. There are different options available to create this. In a cPanel server, we can create it from the control panel itself. Otherwise you can create this from this online tool >> HTPASSWD GENERATOR << The generated password must be in encrypted form. Then upload the file to your home directory, a best location should be in “/home/user/.htpasswds/public_html/test/wp-admin/“.
File name :: /home/user/.htpasswds/public_html/test/wp-admin/passwd
Then place the code in the WordPress installation directory
Append the code pasted below into the .htaccess file under WP installation directory.
# copy this code to .htaccess, CryBit.com # To prevent loops ErrorDocument 401 default # Protect wp-login <Files wp-login.php> AuthUserFile /home/user/.htpasswds/public_html/test/wp-admin/passwd AuthName "Private access" AuthType Basic require valid-user </Files>
NB : “ErrorDocument 401 default” this line will help you to avoid redirection error.
The above steps will re-prompt the login page: