Adding Password Protection to your wp-login.php file


The wp-login.php file

The wp-login.php file is the file WordPress uses to let you log in to the WordPress Admin area of your site. WordPress powers over 33% of the sites on the internet and there are almost 25 million WordPress sites based on data from BuiltWith. This means it's a popular target for hackers.

If your site's resource usage is spiking, load times are slowing down or you're getting "508 Resource Limit is Reached" errors, then there's a good chance that your site is under a brute force password attack. In one of these attacks, a hacker (or group of hackers) attempts to log in to your WordPress admin area by testing a whole lot of passwords until they find the right one. Think of it like the digital equivalent of using a lock picking machine.

There are a number of ways to help protect your site against brute force password attempts, including plugins that rename the wp-login file and block the IPs of people who try to log in with incorrect details. In this guide, we'll focus on one method: editing your site's .htaccess file so that the web server asks for a separate username and password before wp-login.php is served.

1. Log into cPanel.

2. Open the File Manager.

3. Click on the Settings icon in the top right corner

4. Tick the box to "Show Hidden Files (dotfiles)" and then click Save

5. Click on the .htaccess file once, and then click Edit in the toolbar

6. Click the Edit button on the window that appears

7. Add the lines below at the bottom of the file, replacing "username" with your cPanel account's username:

IMPORTANT: You must replace "username" with your cPanel account's username for this to work.

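# Require HTTP Basic authentication before wp-login.php is served
<FilesMatch "^wp-login\.php$">
AuthType Basic
AuthName "Secure Area"
# Replace "username" with your cPanel account's username
AuthUserFile /home/username/public_html/.htpasswd
Require valid-user
</FilesMatch>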


8. Click the "Save Changes" button in the top right hand corner.

9. Click the "+ File" button on the toolbar to create a new file.

10. Call the new file ".htpasswd" (without quotes) - note the dot at the start - and then click Create New File.

11. Click on the new .htpasswd file once, and then click Edit on the toolbar.

12. Use the htpasswd generator site to create an entry for a new username and password, and copy/paste that entry into your .htpasswd file.

Example entry, which is for the username and password "protectwp":

protectwp:$apr1$QDbeOmHR$veKjSCrkn.EMAHNt75SQv/


13. Click the "Save Changes" button in the top right hand corner.

Congratulations. You've now protected your site's wp-login.php file from these attacks. You'll need to enter that new username and password first, before you can reach the wp-login.php page.
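
The entry from step 12 can also be generated on your own computer, so the password is never typed into a third-party site. The Python below is an added example, not part of the original guide: it implements the apr1 (MD5-crypt) format seen in the example entry, and the function names are this example's own.

```python
# Added example, not the article's code: build an apr1 (MD5-crypt) .htpasswd line locally.
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value, length):  # 6 bits per character, least significant bits first
    return "".join(ITOA64[(value >> (6 * i)) & 0x3F] for i in range(length))


def apr1_hash(password, salt=None):
    """Return '$apr1$<salt>$<digest>'; draws a random 8-character salt if none is given."""
    salt = salt or "".join(secrets.choice(ITOA64) for _ in range(8))
    pw, sl = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + sl + pw).digest()
    ctx = hashlib.md5(pw + b"$apr1$" + sl)
    for remaining in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, remaining)])
    bits = len(pw)
    while bits:  # one byte per bit of the password length
        ctx.update(b"\0" if bits & 1 else pw[:1])
        bits >>= 1
    digest = ctx.digest()
    for i in range(1000):  # fixed 1000-round stretching loop
        ctx = hashlib.md5(pw if i & 1 else digest)
        ctx.update((sl if i % 3 else b"") + (pw if i % 7 else b""))
        ctx.update(digest if i & 1 else pw)
        digest = ctx.digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    out = "".join(_to64(digest[a] << 16 | digest[b] << 8 | digest[c], 4)
                  for a, b, c in order) + _to64(digest[11], 2)
    return "$apr1$%s$%s" % (sl.decode(), out)


def htpasswd_line(user, password, salt=None):
    """Build the 'user:hash' line that goes into the .htpasswd file."""
    if not user or ":" in user:
        raise ValueError("username must be non-empty and must not contain ':'")
    return "%s:%s" % (user, apr1_hash(password, salt))


def verify(line, password):
    """Check a password against an apr1 line by re-hashing with the stored salt."""
    stored = line.strip().partition(":")[2]
    if not stored.startswith("$apr1$"):
        return False
    return hmac.compare_digest(stored, apr1_hash(password, stored.split("$")[2]))
```

Call `htpasswd_line()` with your own username and password and paste the returned line into the .htpasswd file. Where shell access is available, Apache's `htpasswd` utility writes the same format, and its `-B` option selects bcrypt instead of MD5.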
