How to password protect the WordPress login and admin page?
Bluehost, HostGator and InMotion Hosting are the top 3 and very popular hosting companies out there for WordPress. We also started with Bluehost a long time back and now have a semi-dedicated hosting service from
In this tutorial we will go over how to secure your WordPress login page by adding one additional password in front of it. Before the login page even loads, the user has to enter this additional password to see it.
Let’s get started on:
- How to protect the WP-ADMIN URL with .htaccess?
- How to avoid a WordPress brute force attack?
- Prevent brute force attacks on the WordPress login page.
1. Log in to cPanel
Once you log in to your cPanel account, go to the Files section and click on
2. Enable Hidden Files
File Manager will open in a new window. Click on the Settings button in the top-right corner. Check the Show Hidden Files (dotfiles) checkbox.
You will now be able to see all dotfiles.
3. Create .wpadmin file
Click on the +File link in the top-left corner. Provide the new file name .wpadmin and click on the Create New File button.
This will create the file at the /home/<username>/.wpadmin location.
4. Create secure username and password
- Go to
- Enter Username and Password
- Click on the Create .htpasswd file button
- You will see username and password combination like this:
5. Edit .wpadmin file
- Go to File Manager
- Select file
- Click on the Edit button at the top
- Enter the above username and password combination into your .wpadmin file
- Save file
6. Create file .htaccess under Home directory
At the same level as .wpadmin, create one more file named .htaccess and put the content below into it. The file should be created at the /home/<username>/.htaccess location.
ErrorDocument 401 "Sorry. Unauthorized Access. You are not allowed to access /wp-admin/ page."
ErrorDocument 403 "Forbidden"
<FilesMatch "wp-login.php">
    AuthName "Authorized Only"
    AuthType Basic
    AuthUserFile /home/username/.wpadmin
    require valid-user
</FilesMatch>
Make sure to change
cPanel Username. This .htaccess file is different than your blog’s
And that’s it.
After completing all the steps above, just visit your site’s wp-admin URL and verify:
You need to enter the username and password you created in step 4 above. It’s different from your WordPress user’s username and password combination.
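A pre-flight check for steps 5 and 6, as an added example that is not part of the original tutorial: it parses the .htaccess block and the .wpadmin contents and reports the usual mistakes (placeholder path left in, password file inside the web root, password stored unhashed). The function names, the `public_html` web-root directory name and the sample entries are assumptions made for illustration.

```python
import re

# Hash prefixes for Apache htpasswd files (MD5-apr1, bcrypt, SHA-1); bare crypt() entries are not covered.
HASH_PREFIXES = ("$apr1$", "$2y$", "{SHA}")

def check_htaccess(text, docroot="public_html"):
    """Return problems found in the Basic-auth block guarding wp-login.php."""
    m = re.search(r'<FilesMatch\s+"([^"]+)"\s*>(.*?)</FilesMatch>', text, re.S | re.I)
    if not m or "wp-login" not in m.group(1):
        return ["no <FilesMatch> block covering wp-login.php"]
    directives = {}
    for line in m.group(2).splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            directives[parts[0].lower()] = parts[1].strip()
    problems = []
    if directives.get("authtype", "").lower() != "basic":
        problems.append("AuthType Basic is missing")
    if directives.get("require", "").lower() != "valid-user":
        problems.append("require valid-user is missing")
    path = directives.get("authuserfile", "")
    if not path.startswith("/"):
        problems.append("AuthUserFile must be an absolute path")
    if "/home/username/" in path:
        problems.append("AuthUserFile still contains the placeholder /home/username/")
    if f"/{docroot}/" in path:  # assumed web-root name; a file there could be served
        problems.append("password file is inside the web root")
    return problems

def check_password_file(text):
    """Return problems found in the .wpadmin (htpasswd-format) contents."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        user, sep, secret = line.strip().partition(":")
        if not line.strip():
            continue
        if not sep or not user:
            problems.append(f"line {n}: not in user:hash form")
        elif not secret.startswith(HASH_PREFIXES):
            problems.append(f"line {n}: password for {user} is not a recognised hash")
    return problems

# The block from step 6, unchanged, so the placeholder path is still present.
PAGE_HTACCESS = ('<FilesMatch "wp-login.php">\nAuthName "Authorized Only"\nAuthType Basic\n'
                 'AuthUserFile /home/username/.wpadmin\nrequire valid-user\n</FilesMatch>')

if __name__ == "__main__":
    print(check_htaccess(PAGE_HTACCESS))
    print(check_password_file("siteadmin:hunter2"))  # constructed plaintext entry
```

An empty list from both functions means the two files are consistent with each other; it does not test the live site, so still confirm the prompt in a browser as described above.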