How to Protect wp-admin & wp-login?

October 21, 2015 1.2k views
WordPress Apache Security PHP Firewall Linux Commands Linux Basics Ubuntu


My site is very popular, so there are haters who try to log in by trying passwords on the wp-login page.

All I want to do is protect wp-admin & wp-login like this:

So that, after passing the above authentication, I can go to the wp-login page.

Please help me to do so.


1 Answer

In order to password protect a page with Apache, you need to add a new section to your Apache VirtualHost like the below:

# Require a valid user from the password file for anything under wp-admin/
<DirectoryMatch ^.*/wp-admin/>
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</DirectoryMatch>

Then set the user and password by running:

  • sudo htpasswd -c /etc/apache2/.htpasswd username

Finally, restart Apache for the changes to take effect:

  • sudo service apache2 restart

Check out this article for more information:

When setting up a web server, there are often sections of the site that you wish to restrict access to. Web applications often provide their own authentication and authorization methods, but the web server itself can be used to restrict access if these are inadequate or...
  • Apparently this blocks admin-ajax.php and some plugins fail.
    Should we allow access to just that file:

    <Files admin-ajax.php>
        Order allow,deny
        Allow from all
        Satisfy any
    </Files>
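
The answer and the comment above combined into one VirtualHost fragment, as an added example that is not part of the original thread. It assumes Apache 2.4 authorization syntax (the comment's Order/Allow/Satisfy lines are the 2.2 form) and reuses the .htpasswd path from the answer; it also covers wp-login.php, which sits outside wp-admin/ and is not matched by the DirectoryMatch block.

```apache
# Added example; assumes Apache 2.4 with mod_auth_basic and mod_authn_file.
# Basic auth sends the password with every request, so serve this
# VirtualHost over HTTPS.

# HTTP authentication in front of the WordPress dashboard.
<DirectoryMatch "^.*/wp-admin/">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</DirectoryMatch>

# The login form is a file in the WordPress root, not under wp-admin/,
# so it needs its own block to get the same prompt.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</Files>

# Plugins and themes call admin-ajax.php from the public side of the site.
# <Files> sections are merged after <DirectoryMatch>, and with the default
# AuthMerging Off this Require replaces "Require valid-user" for this file.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Run `sudo apache2ctl configtest` before restarting so a syntax error does not take the site down. `htpasswd -c` recreates the password file, so drop `-c` when adding further users.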