Protect WordPress Login Page with Htaccess

If you keep track on online news then you must know that in recent times there were many attacks on WordPress powered blogs and most of them are through either Brute Force Attack or from Dictionary Attack.

Protect Your WordPress Login Page

Protect Your WordPress Login Page

Some servers block malicious activities and block Brute Force Attack and Dictionary Attack and block that IP address some a specific time period. If you are unable to figure out whether your server is capable of blocking these attacks or wants to add another security layer to protect your WordPress then you can block login page via your .htaccess file.

Almost all servers allows you to create .htaccess file and best part is that its an hidden file so no one can call it or check what you have put on it.

Today we will tell you how to protect your wp-login.php page simply by adding few line in .htaccess file, lets do it.

Create A Password File

First we need to create a password file which will store our password so that whenever you or anyone else try to open login page this password will be asked, if you enter correct password then you will be taken to login page or you will be thrown out.

  • For this visit This Page
  • Enter a username and password and then click on create .htpasswd file,
  • On next screen you will get few strings which will have your username which you just entered and your encrypted password, now you have two choice either you can copy paste this entry into a file and name it as .htpasswd which most of the users do but we recommend you to name something else but put a period [dot] ahead of name like .technoarea or .mypsswrd so that it will be hidden
  • Now login to your FTP account and open .htaccess file which will be placed into your root directory, add following line to it
ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
<FilesMatch "wp-login.php">
AuthName "Authorized Only"
AuthType Basic
AuthUserFile /home/username/.technoarea require
valid-user
</FilesMatch>
  • Save it and close it
  • Try to open your login page and you will find that it will ask for another password before letting you enter to your login page.

[*] In above code, on 6th line you have to provide full path of your password file which you had created in third step, you can place it anywhere on your server. You can use our php script to find out full path of saved file.

Some handpicked devices for you