Password Protect wp-login.php Against Brute Force Login Attempts?

Quick Steps:

  • First, create an .htpasswd file.
  • Edit .htccess to restrict wp-login access to only username and passwords defined in .htpasswd file.
  • Flush your browser cache.

You can utilize .htaccess rules to password protect your wp-login.php file from brute force login attempts. The process will require an additional layer of security (additional username & password) in order to access the WordPress login.

Step 1.

In your cPanel file browser, navigate to the top level “home” directory. You’ll want to create a file called .htpasswd (dot htpasswd). Inside of this file, you will need to put a basic username & password in the format like so:  username:password  (be sure to put the : between the username & password)

Step 2.

Next, you will want to navigate to your public_html directory, or the directory where your WordPress installation is located. This will be the same directory where your wp-login.php file is located. Locate the file named .htaccess and click Code Edit. If you cannot file the .htaccess file, you will need to click the “Settings” button in the top right corner of the File Manager. Next, select Show Hidden Files and save.
# This will make the .htaccess file visible. You will want to add the lines below to your .htaccess file.

#Protect WP Login
 ErrorDocument 401 "Unauthorized Access"
 ErrorDocument 403 "Forbidden"
 <FilesMatch "wp-login.php">
 AuthName "Authorized Access Only"
 AuthType Basic
 AuthUserFile /home/.htpasswd
 require valid-user

You can now save your htaccess file with the code shown above. Now, when you browse to your wp-admin or wp-login, you will be prompted for a username & password. Please note, this method is not meant to be a high level of security in regards to the username & password being located in plaint text inside of a file – the purpose of this method is to simply prevent bots & users from being able to directly access the WordPress login form.

  • Password Protect, secure wordpress
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to show hidden files (.htaccess) in cPanel File Manager?

Many users ask us how they can see the .htaccess files for their websites in cPanel File Manager....

How Can I Compress / Uncompress Files Using the File Manager?

How to Compress Files Go to the File Manager. Navigate to the folder where the files you want...

How to View Your cPanel Disk Space Usage?

In order to view your cPanel disk space usage, there’s a great tool located inside of your...

Accessing webmail for your domain

To access the included webmail email clients included with your hosting account, you’ll need to...

How to rename a database in phpMyAdmin?

phpMyAdmin is a free and opensource application for MySQL database management. It is one of the...