Home » Archive by category "Wordpress"

WordPress – password protect

Ok, in order to harden your WordPress installation, the easiest and fastest thing you can do is to add another layer of authentication to wp-admin area.
If your web server is Apache, you can use htaccess files to do this.

First, create the user and password file. Use a Htpasswd generator and make sure to put the path outside the document root of your website.

Now, you need to edit two .htaccess files.

The one in wp-admin/.htaccess (create it if it doesn’t exists) should contain these lines:


#Avoid the too many redirects error
ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

# Allow plugin access to admin-ajax.php around password protection

Order allow,deny
Allow from all
Satisfy any

#Basic authentication
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/path/to/.htpasswd"
require valid-user

And in the main .htaccess file from the document root of your website, add these lines after the WordPress rewrite rules:


#Avoid the too many redirects error
ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"


AuthType Basic
AuthName "Secure Area"
AuthUserFile "/path/to/.htpasswd"
require valid-user

I’ll update this post with the nGinx configuration, if that’s your case.