Easy steps on how to password protect WordPress / CMS admin area. Password protection required to enhance security layer and prevent from attacker to access admin panel. In our guide we assume that you have installed WordPress on Linux using name based virtual hosting
With our guide we are going to use demo.com to host.
Step 1: Switch to WordPress admin path, in our guide following is the admin folder of WordPress website hosted.
Now you will want to create a .htaccess file to password protect the admin area. So all you need to do is configure it.
Step 2: create .htaccess file to enable password authentication to access admin panel in /sites/demo.com/wp-admin/.htaccess
AuthName “Secure Area”
Save & Exit!
Chown apache.htaccess (you may need to change the chown to either “nobody”, “apache” or “www” etc., depending on what user your installation of Apache is running as)
#chown apache:apache .htaccess
#chmod 644 .htaccess
Now you need to create a corresponding .htpasswd file that’s going to contain the username and encrypted password for the administrator panel
#htpasswd -c /sites/demo.com/.htpasswd admin admin_password
Ex: #htpasswd -c /sites/demo/.htpasswd admin
-c : create a file
#chown apache:apache /sites/demo.com/.htpasswd
#chmod 644 /sites/demo.com/.htpasswd
The lock down method above may break some WordPress Ajax functionality. If you are using that functionality and it breaks, you can fix it by adding this to your Apache config file:
# vi /etc/httpd/conf/httpd.conf
Allow from all
Save & Exit
#service httpd restart
Lunch demo.com/wp-admin from any of the internet browsers like (chrome, mozilla or any)
Watch out this video: