Protect WordPress Login | How to secure the WordPress admin with an additional password!

By default, the admin area of ​​WordPress is password-protected. To build in additional security, it is possible to add another query before even accessing the admin area.

Through a file called “.htaccess” WordPress can be protected by removing the complete folder “wp-admin“ is encrypted with an additional password.

Protect WordPress with .htaccess and .htpasswd

If you want to protect your WordPress installation with an additional password, you only have to two files created and uploaded to the web server.

A file named “.htaccess” describes the instructions for the web server, while in the file “.htpasswd“ Password and associated user(s) are stored.

Conversion Plugins: Flytools


Flytool advantages

  • Ideal for creating webinar or membership pages
  • Create high-conversion buttons quickly and easily

Creating a file named “.htpasswd”

Which of the two files is created first does not matter, for the sake of logic, the creation of the “.htpasswd” file is started here.

The easiest way is via one of the generators that are freely accessible on the Internet. For example, Google offers the following as the first hit:

The procedure is self-explanatory. Under “username” you enter the desired user name, while in the line “Password‘ any password can be entered. A code is then produced:

.htpasswd password generator

.htpasswd password generator

Why you should use a generator can be seen from the encrypted output of the selected password. This encryption is automatically adopted by the generator.

To finish creating the file, take the code you just generated and paste it into a text file that will appear as “.htpasswd“ is saved.

.htpasswd file

.htpasswd file

Creating the “.htaccess”

Again create a text file and describe it with the following content:

.htaccess file

.htaccess file

In the first line “AuthUserFile” the path must be specified under which the file “htpasswd‘ later stored on the server. Depending on the web host of the blog and the folder structure created by the user, these paths are always different.

Possibility Number 1:

If you want increased security, save the “htpasswd” in a parent directory for the actual domain.

Is your own WordPress installation on the web server, e.g. on a path like:


then you save your “htpasswd” under a path like:


The reason behind this is that a possible attacker can never access this upper directory by calling up the domain and can therefore never read the “.htpasswd”.

Possibility 2:

If that is too complicated for you, both files can also be in the same directory, i.e. in the directory “wp-admin“ to his WordPress installation. The additional password protection is still achieved!

The text that must then be entered in the “htaccess” file looks something like this:

AuthUserFile if .htpasswd in the same directory as .htaccess

AuthUserFile if .htpasswd in the same directory as .htaccess

Awesome themes: MyThemeShop



MyThemeShop advantages

  • Extremely beautiful WordPress themes
  • Already SEO-optimized and flexible to use
  • Single purchase or premium subscription possible

Upload .htpasswd and .htaccess

After both files have been created and saved, they are uploaded to the web server. Depending on the selected directory structure, it is important to store the files in the correct folders. Otherwise the desired effect will not occur. If everything worked, the user is now prompted by the following when calling up the admin area authentication checked:

Additional authentication to protect WordPress

Additional authentication to protect WP Admin

Rate this article

No rating yet


WordPress admin login for website with URL: Find it here Previous post WordPress admin login for website with URL: Find it here
Next post Customize WordPress Login URL