How to password protect the wp-admin directory in cPanel

Password protecting your /wp-admin/ folder is an easy way to add additional protection against bots and other unauthorized access attempts. At Hands-On, if a bot fails this additional check several times, they will be automatically blocked in the firewall, preventing further access attempts. To complete this protection, follow the below 10 steps:

  • Login to cPanel
  • Click “Password Protect Directories” under “Security”
  • Click the text of “wp-admin”
  • Click the checkbox next to “Password protect this directory:”

  • Enter a phrase such as “Protected” in the “Name the protected directory:” box, then click save.
  • Click “Go back” after receiving the confirmation screen.
  • Under “Create User:”, create a new username and password that must be entered when you visit yourdomain.com/wp-admin/, and click Add/Modify authorized user.

  • Go back to the main cPanel page, and open the file manager. Ensure “Show Hidden Files (dotfiles)” is selected with the pop-up when visiting the File Manager.
  • Navigate into the wp-admin folder, and click the .htaccess file to highlight it. Once it is highlighted, click “Code Editor” at the top and click “Edit”
  • At the bottom of the file, add the following code to allow wordpress to recognize this additional password protection, and click save:

Was this article helpful?

Related Articles

Leave A Comment?