Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
WordPRess Files Removed Now What To Do? Question Question
Can't install php-soap to my PHP 7.0 centos Question Question

Question

How to Protect wp-admin & wp-login ?

Posted October 21, 2015 6.3k views
Linux BasicsUbuntuApachePHPWordPressSecurityFirewallLinux Commands

Hi,

My site is very popular, so there are haters who try to login by tying passwords on wp-login page.

All I want to do is protect wp-admin & wp-login like this :
http://i.imgur.com/xZrOEiC.png

So that, after passing above authentication, I may go to wp-login page.

Please help me to do so.

Regards

Add a comment
Loading
By:
Loading

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
WordPRess Files Removed Now What To Do? Question Question
Can't install php-soap to my PHP 7.0 centos Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
asb October 26, 2015

In order to password protect a page with Apache, you need to add a new section to your Apache VirtualHost like the below:

<DirectoryMatch ^.*/wp-admin/>
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</DirectoryMatch>

Then set the user and password by running:

  • sudo htpasswd -c /etc/apache2/.htpasswd username

Finally, restart Apache for the changes to take effect:

  • sudo service apache2 restart

Check out this article for more information:

How To Set Up Password Authentication with Apache on Ubuntu 14.04
by Justin Ellingwood
When setting up a web server, there are often sections of the site that you wish to restrict access to. Web applications often provide their own authentication and authorization methods, but the web server itself can be used to restrict access if these are inadequate or...
Reply Report
  • shutch190 March 20, 2016

    Apparently this blocks admin-ajax.php and some plugins fail.
    Should we allow access to just that file:

    <Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any 
</Files>
    Reply Report
alexdo June 4, 2021

Hello, all

There are plugins that can change the default admin page from domain.com/wp-admin and also make the admin page inaccessible via the PHP file domain.com/wp-login.php. This can also be achieved using Apache or Nginx rewrite rules, but for not so technically advanced users a plugin will do the job just as well as using a rewrite rule.

Regards,
Alex

Reply Report

Related

Looking for something else?

Ask a new question Search for more help