Setup basic auth on wp-admin directory

February 4, 2018 By - Usama Muneer | 472

    If you’re running a WordPress website or blog, its always a good practice to setup some sort of security for your admin area & restrict access for smart users.

    The most basic thing to do is setup a basic auth for your wp-admin directory and wp-login.php so that none can pass through except for the authors or users who are authorised.

    Step # 01 – Create .htpasswds file

    Right in your document root, create an empty .htpasswds file, like so

    <Document-root> touch .htpasswds

    Step # 02 – Generate .htpasswds contents

    Head over to this online tool and generate your .htpasswds contents & paste the output in your .htpasswds from step 1.

    Step # 03 – Create .htaccess file for wp-admin

    Inside of your wp-admin directory, create .htaccess file and paste the following code

    AuthUserFile /path/to/your/root/.htpasswds
    AuthType basic
    AuthName "Restricted Resource"
    require valid-user
    # This is the whitelisting of the ajax handler
       <Files admin-ajax.php>
         Order allow,deny
         Allow from all
         Satisfy any
       </Files>

    That’s it. save the file, head over to the browser and try accessing your wp-admin area, it now should ask for your username & password for authentication.

    blog user
    Usama Muneer

    A web enthusiastic, self-motivated & detail-oriented professional Full-Stack Web Developer from Karachi, Pakistan with experience in developing applications using JavaScript, WordPress & Laravel specifically. Loves to write on different web technologies with an equally useful skill to make some sense out of it.

    Related Posts

    If you're on MacOSX & use Laravel valet for managing your development environment. Then this issue might arouse when you try to upgrade your PHP version or even Laravel Valet. But there's an easy fix for that.

    Maintaining Database Relationships in Laravel is quite a task but when it comes to nested relationships, things get a bit tangled up to handle.

    When it comes to validation in Laravel. Developers often refer to using separate Requests to achieve it. Now for creating and updating, rules might get a little bit tricky. But we've got you covered.

    While Developing applications in Laravel, there comes situations where you have date in simple string format. For instance getting raw response from an API. But you want to convert that string into Carbon instance and use the Carbon helpers on it. Well there's a simple solution to it.