If you’re running a WordPress website or blog, it’s always good practice to set up some sort of security for your admin area and restrict access for smart users.
The most basic thing to do is set up basic auth for your wp-admin directory and wp-login.php so that no one can get through except the authors or users who are authorised.
1. Right in your document root, create an empty .htpasswds file, like so:

    <Document-root> touch .htpasswds

2. Head over to this online tool, generate your .htpasswds contents and paste the output into your .htpasswds file from step 1.

3. Inside your wp-admin directory, create an .htaccess file and paste in the following code:

    AuthUserFile /path/to/your/root/.htpasswds
    AuthType basic
    AuthName "Restricted Resource"
    require valid-user
    # This is the whitelisting of the ajax handler
    <Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
    </Files>
That’s it. Save the file, head over to the browser and try accessing your wp-admin area; it should now ask for your username and password for authentication.
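
The .htaccess above only covers wp-admin and uses Apache 2.2 access directives (Order, Allow, Satisfy). The following is an added example, not part of the original post: the same rules in Apache 2.4 `Require` syntax, plus a block for wp-login.php, which sits in the document root. It assumes Apache 2.4 with `AllowOverride AuthConfig` enabled and reuses the post's placeholder path.

```apache
# Added example, assuming Apache 2.4 and AllowOverride AuthConfig.
# /path/to/your/root is the same placeholder path used in the post.

# ---- File: <document-root>/wp-admin/.htaccess ----
AuthType Basic
AuthName "Restricted Resource"
AuthUserFile /path/to/your/root/.htpasswds
Require valid-user

# admin-ajax.php stays reachable without a password, as in the post.
# With the default "AuthMerging Off", this Require replaces valid-user.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File: <document-root>/.htaccess ----
# wp-login.php lives in the document root, so wp-admin/.htaccess
# never applies to it; it needs its own block here.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted Resource"
    AuthUserFile /path/to/your/root/.htpasswds
    Require valid-user
</Files>

# The password file sits inside the document root; refuse to serve it.
<Files ".htpasswds">
    Require all denied
</Files>
```

Basic auth sends the username and password base64-encoded on every request, so serve these paths over HTTPS only.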