Admin dashboard is protected by a username-password combination. You have to log in to open the admin dashboard.
You can add an extra layer of security to the login page if you password protects your WordPress admin directory.
Let’s say your login page is: https://websiteA.com/wp-admin
Without password protection, the URL will open the login page, where you have to fill in the username-password to enter the website.
However, after password-protecting the wp-admin directory, the page itself would be behind the wall.
Something like this:
The username and password will be required to access the page. After that, the user will enter the user’s username and password to log in.
So basically, you add one more security layer to the WordPress security. Popular websites often password-protect their wp-admin directory.
Must Read: Automatically Log out Idle Users in WordPress
Why Password Protect the WP-Admin Directory?
Adding multiple security layers to your WordPress website will make it harder for hackers to hack. These small security measures can halt any hacking attempt and provide you time to block the attack.
Password protecting the wp-admin will double the work of brute force and dictionary attackers. They have to guess the wp-admin page password and then the login password.
Also, if you have given cPanel access to your team members, you would not like them to make unattended edits to the wp-admin file. From there, they can change the user roles, usernames, and passwords.
If you are working with new members, you should also password protect the important directories.
However, setting up a password on the wp-admin directory is a reasonable security measure to begin with.
How to Password Protect Your WordPress Admin (wp-admin) Directory?
The simplest way to password protect your WordPress admin directory is to use cPanel—most of the web hosting companies provide cPanel due to its user-friendly interface.
Follow the steps to password protect wp-admin with cPanel:
Step 1: Login to cPanel and check the Files tab
Step 2: Find the ‘Directory Privacy’ and click on it.
Here you will find the list of all the directories of your WordPress website. Click on the publick_html directory.
Step 3: Edit the wp-admin folder
The Public_html folder contains all other WordPress content. As you can see, the ‘wp-‘ prefix on the folder names.
You can edit the wp-admin by clicking on the edit button. If you click on the folder, you will open the folder, which we don’t want.
Step 4: Password protect the wp-admin
Tick the ‘password protect this directory’. This will enable the box. Check the directory name in the box and click on Save.
Step 5: Set up user and password
You can create a new user from here. Set up username and password for the user, and click on save.
That’s it.
Your wp-admin directory is password protected. You can check the wp-admin folder in the Directory Privacy section, and you will find a folder icon with a lock.
Want to add more users?
You might want to give the directory access to other people too.
Create a new user from the same place you were at step 5, scroll down, and you will find an option to create a new user.
Fill in the information and hit the save button.
Error Troubleshooting
Password protecting wp-admin can bring few errors if the WordPress hosting is not configured correctly.
If you are with ServerGuy manager WordPress hosting, we will solve them.
404 Error or a Too many redirects error
The error “too many redirects” means that the website keeps being redirected between different addresses in a way that will never complete.
You can solve it by adding following line of code to the .htaccess file.
ErrorDocument 401 default
Ajax issue with directory password
Many websites use Ajax functionality on the front end. eCommerce stores use it for the search and filter page.
However, directory privacy may break the plugins that use Ajax due to a lack of control. It is one of the shortcomings of WordPress, and developers are finding the solution.
In the meantime, you can add a code snippet to the .htaccess file to avoid any errors.
<Files admin-ajax.php>
Order allow, deny
Allow from all
Satisfy any
</Files>
What is the WP-admin directory?
The wp-admin directory is one of the two core WordPress folders. It contains all the files and folders critical to make the WordPress dashboard functional.
You can find the wp-admin folders inside the public_html folder.
Should you hide WP-admin?
In some cases, hiding WP admin can secure your website. Your competitors or hackers might launch the brute force attack on the site on the launch day. It will overheat the web servers causing the speed issue and loading problems. Moving the admin area will block the naive brute force attacks.
Wrap up
WordPress is an amazing and robust CMS, but it is only as secure as we can make it.
Protecting the admin page is the first step towards WordPress security. You can use plugins to secure wp-admin pages, add questions, and limit login attempts to further up the security.
After everything is done, having a strong password plays a critical role in keeping the website safe.
In this quick tutorial, I showed you how to password protect your WordPress admin directory with cPanel.
If you encounter any issue, do leave it in the comment section.
3 thoughts on “How to Password Protect Your WordPress Admin (wp-admin) Directory?”
Hi,
Very helpful thanks! I did this and it worked like a charm … except for one big issue I can’t figure out.
I have ONLY edited the wp-admin folder on my site and set the username and password, which works great.
But the pop-up asking for username and password shows up on every page of my site. If I hit “cancel”, I can visit the page just fine so it’s not actually protected.
And I didn’t Change anything at the root/public_html level.
It’s a confusing experience for users and the pop-up makes it look like they need a password just to view my site. So they’ll likely leave. I really want this extra layer of security though.
Can you advise?
Hi,
Using GoDaddy Hosting and trouble with protecting wp-admin.
Looking for a solution for 2 days on internet until seen this page!
You’re so great and saved my life.
Solved the problem using the solution: ErrorDocument 401 default
Thanks a lot.
Hello Burak, glad to know our article helped you.