Setup basic auth on wp-admin directory

If you're running a WordPress website or blog, it's always good practice to set up some sort of security for your admin area & restrict access for smart users.

The most basic thing to do is set up basic auth for your wp-admin directory and wp-login.php so that no one can get through except the authors or users who are authorised.

Step # 01 – Create .htpasswds file

Right in your document root, create an empty .htpasswds file, like so:

<Document-root> touch .htpasswds

Step # 02 – Generate .htpasswds contents

Head over to this online tool, generate your .htpasswds contents & paste the output into the .htpasswds file from step 1.

Step # 03 – Create .htaccess file for wp-admin

Inside your wp-admin directory, create a .htaccess file and paste the following code:

# Password file created in steps 1 and 2
AuthUserFile /path/to/your/root/.htpasswds
AuthType Basic
AuthName "Restricted Resource"
# Any user listed in the password file may log in
Require valid-user
# This is the whitelisting of the ajax handler
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

That’s it. Save the file, head over to the browser and try accessing your wp-admin area; it should now ask for your username & password for authentication.
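
For Step # 02, the entry can also be produced on your own machine, so the admin password is never typed into a third-party site. The following is an added example, not part of the original post, and it assumes the openssl command-line tool is installed. The function names and the user name editor are hypothetical; the apr1 (MD5-based) format is used because openssl can emit it, and Apache's htpasswd utility with -B produces bcrypt entries where it is available.

```bash
#!/usr/bin/env bash
# Added example (not the original post's code): create and check a basic-auth
# entry locally. Assumes the openssl CLI; function names are hypothetical.

# Print "user:$apr1$<salt>$<digest>" for the password read from stdin.
# The optional second argument fixes the salt; only verification needs it.
make_htpasswd_entry() {
    local user=$1 salt=${2:-} hash
    # Apache splits each line on ':', so a username must not contain one.
    case $user in
        ''|*:*) echo "invalid username" >&2; return 1 ;;
    esac
    if [ -n "$salt" ]; then
        hash=$(openssl passwd -apr1 -salt "$salt" -stdin) || return 1
    else
        hash=$(openssl passwd -apr1 -stdin) || return 1
    fi
    printf '%s:%s\n' "$user" "$hash"
}

# Return 0 when the password on stdin matches the stored entry line.
verify_htpasswd_entry() {
    local entry=$1 user stored salt
    user=${entry%%:*}
    stored=${entry#*:}
    # Stored form is $apr1$<salt>$<digest>, so '$'-field 3 is the salt.
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    [ -n "$salt" ] || return 1
    [ "$(make_htpasswd_entry "$user" "$salt")" = "$entry" ]
}

# Typical use ("editor" is a constructed user name):
#   read -rs pw && printf '%s\n' "$pw" | make_htpasswd_entry editor >> .htpasswds
```

Running verify_htpasswd_entry against the line you just wrote confirms the password before you lock yourself out of wp-admin.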
