By default, the admin area of WordPress is password-protected. To build in additional security, it is possible to add another password prompt that appears before the admin area can even be accessed.
Using a file called “.htaccess”, WordPress can be protected by securing the entire “wp-admin” folder with an additional password.
Protect WordPress with .htaccess and .htpasswd
If you want to protect your WordPress installation with an additional password, you only have to create two files and upload them to the web server.
A file named “.htaccess” contains the instructions for the web server, while the file “.htpasswd” stores the password and the associated user(s).
Creating a file named “.htpasswd”
It does not matter which of the two files is created first; for the sake of a logical order, we start here with the “.htpasswd” file.
The easiest way is via one of the generators that are freely accessible on the Internet. For example, Google offers the following as the first hit: http://www.htaccesstools.com/htpasswd-generator/
The procedure is self-explanatory. Under “username” you enter the desired user name, while in the line “Password” any password can be entered. A code is then produced:
The reason for using a generator can be seen in the output: the selected password appears in encrypted (hashed) form, and the generator performs this step automatically.
To finish creating the file, take the code you just generated and paste it into a text file that is saved as “.htpasswd”.
Creating the “.htaccess”
Again create a text file and fill it with the following content:
In the first line, “AuthUserFile”, you must specify the path under which the “.htpasswd” file will later be stored on the server. These paths differ depending on the blog's web host and the folder structure created by the user.
Possibility Number 1:
If you want increased security, save the “.htpasswd” in a directory above that of the actual domain.
If your own WordPress installation is located on the web server under a path like:
then you save your “.htpasswd” under a path like:
The reason is that a possible attacker can never reach this parent directory by calling up the domain and can therefore never read the “.htpasswd”.
If that is too complicated for you, both files can also be placed in the same directory, i.e. in the “wp-admin” directory of the WordPress installation. The additional password protection is still achieved!
The text that must then be entered in the “.htaccess” file looks something like this:
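As an added example (not the article's original listing), here is a “.htaccess” for “wp-admin” following Option 1, written for Apache 2.4. The paths under /home/example, the user name “alice” and the realm text are assumptions, and the two `<Files>` blocks go beyond what the text above describes.

```apache
# wp-admin/.htaccess  (constructed example, Apache 2.4 syntax)
#
# Assumed layout:
#   /home/example/public_html/wp-admin/.htaccess   <- this file
#   /home/example/.htpasswd                        <- above the document root
#
# The password file can also be created locally instead of with an
# online generator, so the password never leaves your machine:
#   htpasswd -c -B /home/example/.htpasswd alice
# (-c creates the file, -B stores a bcrypt hash)

# Require HTTP Basic credentials for everything in this directory.
# Basic auth only base64-encodes the password, so serve wp-admin over HTTPS.
AuthType Basic
AuthName "Restricted admin area"

# Absolute filesystem path, not a URL. A wrong path here typically
# produces a 500 error or rejects every login.
AuthUserFile /home/example/.htpasswd

Require valid-user

# Only relevant if .htpasswd sits next to this file in wp-admin:
# never serve .htaccess/.htpasswd to clients. Apache's stock
# configuration ships the same rule; repeating it covers hosts
# where it was removed.
<Files ".ht*">
    Require all denied
</Files>

# Optional: plugins and themes call wp-admin/admin-ajax.php from the
# public site. Without this exception, ordinary visitors can be shown
# the password prompt on front-end pages.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

The host must allow these directives in “.htaccess” files (`AllowOverride AuthConfig` or broader); otherwise Apache ignores them or returns an error.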
Upload .htpasswd and .htaccess
After both files have been created and saved, they are uploaded to the web server. Depending on the selected directory structure, it is important to store the files in the correct folders. Otherwise the desired effect will not occur. If everything worked, the user is now asked to authenticate when calling up the admin area.