If you're running a WordPress website or blog, its always a good practice to setup some sort of security for your admin area & restrict access for smart users.
The most basic thing to do is setup a basic auth for your wp-admin directory and wp-login.php so that none can pass through except for the authors or users who are authorised.
Step # 01 - Create .htpasswds file
Right in your document root, create an empty .htpasswds file, like so
<Document-root> touch .htpasswds
Step # 02 - Generate .htpasswds contents
Head over to this online tool and generate your .htpasswds contents & paste the output in your .htpasswds from step 1.
Step # 03 - Create .htaccess file for wp-admin
Inside of your wp-admin directory, create .htaccess file and paste the following code
AuthUserFile /path/to/your/root/.htpasswds
AuthType basic
AuthName "Restricted Resource"
require valid-user
# This is the whitelisting of the ajax handler
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
That's it. save the file, head over to the browser and try accessing your wp-admin area, it now should ask for your username & password for authentication.
