Password Protect Your Website Admin Area

Easy steps on how to password protect WordPress / CMS admin area.  Password protection required to enhance security layer and prevent from attacker to access admin panel. In our guide we assume that you have installed WordPress on Linux using name based virtual hosting

With our guide we are going to use to host.

Steps :

Step 1: Switch to WordPress admin path, in our guide following is the admin folder of WordPress website hosted.

#cd /sites/

Now you will want to create a .htaccess file to password protect the admin area.  So all you need to do is configure it.

Step 2: create .htaccess file to enable password authentication to access admin panel in /sites/

#cd /sites/

#vi .htaccess

AuthName “Secure Area”

AuthType Basic

AuthUserFile /sites/

require valid-user

Save & Exit!

Step 3:

Chown apache.htaccess (you may need to change the chown to either “nobody”, “apache” or “www” etc., depending on what user your installation of Apache is running as)

#chown apache:apache .htaccess

#chmod 644 .htaccess

Step 4:

Now you need to create a corresponding .htpasswd file that’s going to contain the username and encrypted password for the  administrator panel

#htpasswd -c /sites/ admin admin_password

Ex: #htpasswd -c /sites/demo/.htpasswd admin

-c : create a file

#chown apache:apache /sites/

#chmod 644 /sites/

Step 5:

The lock down method above may break some WordPress Ajax functionality. If you are using that functionality and it breaks, you can fix it by adding this to your Apache config file:

# vi /etc/httpd/conf/httpd.conf

<Files admin-ajax.php>

Order allow,deny

Allow from all

Satisfy any


Save & Exit

#service httpd restart

Step 6:

Lunch from any of the internet browsers like (chrome, mozilla or any)

Watch out this video:

Leave a Reply

Your email address will not be published. Required fields are marked *

39 − = 35