Securing WordPress Admin in Linux
- This article is for advanced users. If these steps are done incorrectly, you could interrupt the connection between the server and database.
- You need to know what a
.htaccess
file is and be comfortable editing one.
You can add an extra layer of security by requiring an additional password before users are allowed to access your wp-admin folder. This can prevent attacks that attempt to bypass the WordPress admin login.
Requiring an additional password shouldn't interfere with plugins, themes, and stock WordPress installations.
To Secure WordPress Admin in Linux
- Set up password protection on your WordPress installation's wp-admin directory. For more information, see Password Protecting a Directory in Your Shared Hosting Account.
- Using your hosting account's editor, open your
wp-admin/.htaccess
file. - Add this code to the bottom of the file:
<Files "admin-ajax.php"> Order allow,deny Allow from all Satisfy any </Files>
Now, when you visit your WordPress admin login, you are prompted to log in.