Prevent unauthorized WordPress wp-admin and wp-login.php attempts

 01.  Login in to cPanel

 02. Click Directory Privacy

 03. Click the folder icon next to public_html

 04. Click wp-admin

 05. Select Password protect this directory

 06. Enter WordPress Admin for Name then click Save

 07. Click Go Back

 08. Under Create User enter a Username, click Password Generator to create a strong password.

 09. Save the password, click I have copied this password in a safe place and click Use Password

 10. Click Save at the bottom of the page

 11. Go back to cPanel home page and click File Manager

 12. Open public_html directory

 13. Open wp-admindirectory

 14. Select .htaccess and click Edit

 15. Add below text in the file

ErrorDocument 401 "Unauthorized"
ErrorDocument 403 "Forbidden"

# Allow admin-ajax.php access
<files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</files>

 

   17. Click public_html on the left
   18. Select .htaccess and click Edit
   
19. At the top of the file enter the code below

ErrorDocument 401 "Unauthorized"
ErrorDocument 403 "Forbidden"
 
<filesmatch "wp-login.php">
AuthType Basic
AuthName "WordPress Admin"
AuthUserFile "/home/USERNAME/.htpasswds/public_html/wp-admin/passwd"
require valid-user
</filesmatch>

   20. Note: Replace *USERNAME* with your cPanel username
   21. Click Save Changes

 
 
  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Deleting post revisions from the WordPress database

One of the great features the WordPress added in was post revisions. Any changes made to posts...

How do I enable automatic updating for major versions in WordPress?

WordPress has added in support for automated upgrading of minor releases. This means it will...

Displaying the most recent posts from a single category in WordPress

Have you ever seen a site that showed the most recent post or posts from a single category? If...

Recovering from the dreaded "eval(gzinflate(base64_decode" attack

So you're running a WordPress site and one day you realize that your search engine traffic is...