How to protect WordPress Admin Area?

Security of administration section in WordPress

  1. proceed to the website directory and insert the following lines to the .htaccess file (you need to create it, if does not exist yet):

    <Files wp-login.php>
    AuthType Basic
    AuthName "Private zone"
    AuthUserFile Root-Directory-Path/.htpasswd
    Require valid-user

    where Root-Directory-Path shall be replaced with an actual path, which you can learn following the instructions;
  2. when you’re in the website directory, create the .htpasswd file. This file will store the login and password (as a hashed representation). In the future, it will be possible to access the secure directory only with these login and password;
  3. to create a login-password combination, follow the link. Enter the login and password and press Create .htpasswd file. Copy the result and save it to the previously created .htpasswd.


Please note that the password in the .htpasswd file will be stored in a form of hashed representation. When accessing the secure directory, you will need to specify this hash rather than the password itself.

How to change the password? How to add a new user?

To change a password, you will need to simply repeat the password generation procedure using the same login. Online Generator. To add a new user, just generate a new login-password combination and add it to the .htpasswd file from a new paragraph. How to remove authentication form? If there is no need for the authentication form any more, just comment out the lines that have been added to the .htaccess file previously. To do so, place a ‘#’ character at the beginning of every line in question. Another option would be to simply delete all the relevant lines.