Use .htaccess to Protect wp-admin in WordPress

Recently, there has been a lot of talk about security and WordPress. The fact is that WordPress will always be vulnerable to some extent – it’s an open-source project with over 60 million lines of code. But you can take steps to protect your site from being hacked by using .htaccess to mask the wp-admin folder in WordPress. In this article, we’ll show you how!

What is the .htaccess file?

The .htaccess file is a configuration file for the Apache web server. It provides an easy way to change various aspects of your site’s operation without editing the corresponding configuration files. These changes can be anything from redirecting a page to hiding the content of certain folders from visitors. The .htaccess file can also be used to protect the WordPress wp-admin folder with an IP address range or with a credential.

Use .htaccess to mask the wp-admin folder

To use the following methods, you need to create a .htaccess file under the wp-admin folder. All of the code below needs to be copied to this file.

Limit IP Addresses

You can use .htaccess to protect your WordPress admin area by limiting the access to selected IP addresses only. Why not create a makeshift barrier with some kind of firewall software?

You can also do this by changing your hosts file, but this is not a good idea because it can cause problems with other websites on the same server. So using .htaccess is better.

This method is feasible if your IP is static and you only work from home. If you have a dynamic IP address, which changes when you’re on different connections, it’s better to use another htaccess method.

Paste the code below into your htaccess file and remember to replace xxx.xxx.xxx.xxx with your real IP address:

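# The Auth* lines are placeholders; no password is requested here
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "IP Limit"
AuthType Basic
# Not wrapped in <Limit GET>, so the rules cover every request method
order deny,allow
deny from all
# One line per permitted address
allow from xxx.xxx.xxx.xxx
allow from xxx.xxx.xxx.xxx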

Each allow from line specifies an IP address that can access the wp-admin folder.

[Screenshot: what a user sees if his IP is not allowed]
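Before deploying an allow list like this, it helps to check which requests it would actually let through, so you neither lock yourself out nor leave a gap. The sketch below is an added example, not code from the original article: it models only `order deny,allow` with `deny from all` and `allow from` lines, its function names are hypothetical, and the sample addresses are constructed from documentation ranges. It also shows that rules placed inside a `<Limit GET>` section apply to GET and HEAD only.

```python
import ipaddress
import re

# Constructed sample: an allow list wrapped in <Limit GET>
LIMITED = """\
<Limit GET>
order deny,allow
deny from all
allow from 203.0.113.10
allow from 198.51.100.0/24
</Limit>
"""
# The same rules without the wrapper, so they cover every method
UNLIMITED = "\n".join(l for l in LIMITED.splitlines() if "limit" not in l.lower())

def parse(text):
    """Return (methods, allows, deny_all); methods is None when every method is covered."""
    methods, allows, deny_all = None, [], False
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"<limit\s+([^>]+)>", line, re.I)
        if m:
            methods = {w.upper() for w in m.group(1).split()}
            if "GET" in methods:
                methods.add("HEAD")  # Apache applies a GET limit to HEAD as well
        elif re.match(r"deny\s+from\s+all$", line, re.I):
            deny_all = True
        else:
            m = re.match(r"allow\s+from\s+(\S+)$", line, re.I)
            if m:
                allows.append(m.group(1))
    return methods, allows, deny_all

def spec_matches(spec, ip):
    """Match a full address, a CIDR block, or a partial address such as 10.1."""
    if spec.lower() == "all":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return ip.startswith(spec.rstrip(".") + ".")  # leading-octet match

def is_allowed(text, method, ip):
    """Decision under 'order deny,allow', the only ordering modelled here."""
    methods, allows, deny_all = parse(text)
    if methods is not None and method.upper() not in methods:
        return True  # rules inside <Limit> do not apply to this method
    if any(spec_matches(s, ip) for s in allows):
        return True
    return not deny_all
```

Calling `is_allowed(LIMITED, "POST", "192.0.2.7")` returns `True` while the same call against `UNLIMITED` returns `False`, which is why the access rules belong outside any `<Limit>` section.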

Password Protected

In today’s connected world, it can be hard to keep your data secure and private. If you’re a WordPress user who regularly accesses your site from public internet spots for whatever reason (like work), then limiting access is something that should concern you, especially since there are ways around this problem!

Using an .htaccess file will add additional password protection to your admin area so no one without the correct credentials has easy access no matter what browser they use or where they log in from.

The first thing you need to do is to create an htpasswd file to store the username and password. You can use this tool to create one. Then create a .htpasswds file and put it under the wp-admin/htpasswds folder! Copy and paste the user and pass line generated by the tool into the .htpasswds file.

Finally, copy the code below to the .htaccess file mentioned above:

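# Ask for a username and password on everything under wp-admin
AuthName "Admin Section"
# Full path of the password file itself, not of the folder that holds it
AuthUserFile /path-to-wordpress-folder/wp-admin/htpasswds/.htpasswds
AuthGroupFile /dev/null
AuthType basic
Require valid-user
# admin-ajax.php stays reachable without a password
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>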
