How to Password Protect Your WordPress admin(wp-admin) Directory

Isn’t the wp-admin directory already password protected? As you read the topic of the article I think you may have confused with that point about wp-admin directory protection. Yes, it is true. But most of the popular sites get actions to add an extra layer of authentication for an additional layer of security. It is considered a better action for the security of the site. Recent past, we directed that some unauthorized activities happening in TrendyPort. So we get action to protect the password of our WordPress admin directory under our host HostGator advise. Normally popular sites like Mashable also do the same. 

The objective of this article is to guide step by step about how to password protect your WordPress admin(wp-admin) directory. For better understand and clear clarification we will only cover cPanel web hosting companies here just because cPanel has an easy enough interface to add password protected directories.

First login to your cPanel. Secondly, scroll down to find the security tab there. Then click on the “Password Protect Directories” icon.

After you click on that, a lightbox will pop up. The reason for showing up this is for asking for a directory location. Just click on the webroot. Once there, go to your WordPress hosted folder. Now click on the / wp-admin / folder. Then the screen will look like this.

Now, carefully read the appeared screen. Moreover, check the box to password protect the directory. It’s over. Now try to access your wp-admin directory. If you have done it, then you can obtain the authentication required box.

Manual Method

Here firstly, you have to create a .htpasswds file. For that, you can use this generator to do it easily. Secondly, upload this file outside your /public_html/directory. The better path is:

home/user/.htpasswds/public_html/wp-admin/passwd/

Now, create a .htaccess file and upload it in /wp-admin/ directory. Further, add the following codes in there.

AuthName "Admins Only" AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd AuthGroupFile /dev/null AuthType basic require user putyourusernamehere

As the next step, you must update your username in there. Also, you have to update the AuthUserFile location path.

I have a 404 Error or a Too many redirects error

This error may be happen depending on how your server is configured. To settle this issue, you have to open your main WordPress .htaccess file and add the following code there before the WordPress rules start.

ErrorDocument 401 default

Well, there you have it. Now your WordPress admin area is more secured. You now have dual authentication for your WordPress admin area. This is a good option to restrict wp-admin access by the IP address.

Update: Here is how to fix the Admin Ajax Issue

If your password protects your WordPress admin directory, it will break Ajax functionality in the front end (if using it). In this case, we don’t have any plugins that use Ajax on the front end. But if you do, here’s how you can solve that problem.

Therefore, open your main WordPress .htaccess file located in your /wp-admin/ folder ( This is not the main .htaccess file that we edited above).

Type the following code in the wp-admin .htaccess file.

<Files admin-ajax.php> Order allow,deny Allow from all Satisfy any </Files>

We hope this article helps to fix your issues. If you have further problems please comment below.

Connect with us

We would like to hear about your problems, questions, and suggestions. So feel free to contact us. This is free of charge service that we offer. But we receive thousands of emails per day. So it is impossible to reply to all of them. So we create a Community to help you individually. Go to Community and open help Topic under the relevant category.  Please spread this post to your friends by sharing Facebook and other major social media. And make sure to like us on Facebook.