Recently, there has been a lot of talk about security and WordPress. The fact is that WordPress will always be vulnerable to some extent, since it's an open-source project with over 60 million lines of code. But you can take steps to protect your site from being hacked by using .htaccess to mask the wp-admin folder in WordPress. In this article, we'll show you how!
What is an .htaccess file?
The .htaccess file is a per-directory configuration file for the Apache web server. It provides an easy way to change various aspects of your site's operation without editing the main server configuration files. These changes can be anything from redirecting a page to hiding the content of certain folders from visitors. The .htaccess file can also be used to protect the WordPress wp-admin folder with an IP address range or with a credential.
Use .htaccess to mask the wp-admin folder
To use the following methods, you need to create a .htaccess file under the wp-admin folder. Any code below needs to be copied into this file.
Limit IP Addresses
You can use .htaccess to protect your WordPress admin area by limiting the access to selected IP addresses only. Why not create a makeshift barrier with some kind of firewall software?
You can also do this by changing your hosts file, but this is not a good idea because it can cause problems with other websites on the same server. So using .htaccess is better.
This method is feasible if your IP is static and you only work from home. If you have a dynamic IP address, which changes when you're on different connections, it's better to use another .htaccess method.
Paste the code below into your .htaccess file and remember to replace xxx.xxx.xxx.xxx with your real IP address:

    # Auth directives kept from the original snippet; no password is requested here
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "IP Limit"
    AuthType Basic
    # No <Limit GET> wrapper: the rules must apply to every HTTP method, including POST
    order deny,allow
    deny from all
    # One "allow from" line per permitted IP address
    allow from xxx.xxx.xxx.xxx
    allow from xxx.xxx.xxx.xxx

Each allow from line determines an IP that can access the wp-admin folder. A user whose IP is not allowed gets a 403 Forbidden error from Apache.
In today's connected world, it can be hard to keep your data secure and private. If you're a WordPress user who regularly accesses your site from public internet spots for whatever reason (like work), then limiting access is something that should concern you, especially since there are ways around this problem!
Using an .htaccess file will add additional password protection to your admin area so no one without the correct credentials has easy access no matter what browser they use or where they log in from.
The first thing you need to do is to create an htpasswd file to store the username and password. You can use this tool to create one. Then create a .htpasswds file and put it under the wp-admin/htpasswds folder! Copy and paste the user and pass line generated by the tool into the .htpasswds file.
Finally, copy the code below to the mentioned .htaccess file:

    AuthName "Admin Section"
    # Full path to the .htpasswds file created in the previous step
    AuthUserFile /path-to-wordpress-folder/wp-admin/htpasswds/.htpasswds
    AuthGroupFile /dev/null
    AuthType Basic
    Require valid-user
    # Leave admin-ajax.php reachable without a password (front-end AJAX requests use it)
    <Files admin-ajax.php>
        Order allow,deny
        Allow from all
        Satisfy any
    </Files>
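A small lint for the two kinds of wp-admin .htaccess rules described above, as an added example that is not part of the original article: it flags access rules scoped by a `<Limit>` section to specific methods (Apache leaves unlisted methods such as POST unrestricted) and password setups where `AuthUserFile` and `Require` do not match up. The function name, finding codes and sample inputs are constructed for this example.

```python
import re

ACCESS = re.compile(r"(order|deny|allow|require|satisfy)\b", re.I)
LIMIT_OPEN = re.compile(r"<limit\s+([^>]*)>", re.I)

def audit_htaccess(text):
    """Return (line, code, detail) findings; a lint sketch, not a full Apache parser."""
    findings, limit = [], None      # limit = (line, methods) while inside <Limit>
    user_file, requires_user = None, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        opened = LIMIT_OPEN.match(line)
        if opened:
            limit = (n, opened.group(1).upper().split())
        elif line.lower().startswith("</limit"):
            limit = None
        elif ACCESS.match(line) and limit:
            # Rules inside <Limit> bind only the listed methods; others stay open.
            findings.append((limit[0], "LIMIT_SCOPE",
                             "rules apply only to " + " ".join(limit[1])))
            limit = None            # report each section once
        if words[0].lower() == "authuserfile" and len(words) > 1:
            user_file = words[1].strip('"')
        if words[0].lower() == "require" and len(words) > 1:
            requires_user |= words[1].lower() in ("valid-user", "user", "group")
    if requires_user and user_file in (None, "/dev/null"):
        findings.append((0, "NO_USER_FILE", "Require has no usable AuthUserFile"))
    if user_file not in (None, "/dev/null") and not requires_user:
        findings.append((0, "AUTH_NOT_ENFORCED", "AuthUserFile set but no Require"))
    return findings

# Constructed samples (203.0.113.10 is a documentation address).
GET_ONLY = """AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from 203.0.113.10
</LIMIT>"""
ALL_METHODS = "order deny,allow\ndeny from all\nallow from 203.0.113.10"
PASSWORD = """AuthName "Admin Section"
AuthUserFile /path-to-wordpress-folder/wp-admin/htpasswds/.htpasswds
AuthType Basic
Require valid-user"""

if __name__ == "__main__":
    for name in ("GET_ONLY", "ALL_METHODS", "PASSWORD"):
        print(name, audit_htaccess(globals()[name]))
```

Findings reported with line 0 concern the file as a whole rather than a single directive.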