WordPress is a popular content management system (CMS) used by millions of website owners around the world. But like any other software, WordPress can be vulnerable to hacking. In this article, we’re going to show you how to protect your WordPress admin panel from hackers with .htaccess.
First and foremost, make sure you have a strong password for your WordPress admin panel account. Second, keep your WordPress installation up to date with the latest security patches. And finally, use .htaccess to protect your WordPress admin panel from unauthorized access. To do this, open up your .htaccess file in a text editor like Notepad and add the following lines:
# BEGIN WPADMINACCESS
WPADMINACCESS allow all
# END WPADMINACCESS
This will allow all users who are logged in to your server to access the WordPress admin panel. If you only want certain users or groups of users to have access to the WordPress admin panel, you can add additional lines after the # BEGIN WPADMINACCESS line:
WPADMINACCESS allow user1 group1, allow user2 group2 …
The Apache web server has a built-in mechanism that allows you to assign a required password for a folder, which is separate from your WordPress password.
Quick Blog Security Tips
Security is important enough that I felt it necessary to include some extra tips here. This is by no means a complete list, but you should look into them anyway.
- Make sure you are running the latest version of WordPress and all your plugins.
- You should consider subscribing to BlogSecurity.net, a blog that attempts to cover security news about blogging platforms.
- Make sure that your file permissions are set correctly according to the WordPress guidelines.
- Make sure you are using tough passwords for all accounts.
- Make sure that you are backing up your entire WordPress installation and database.
- Lock down your administration folder with .htaccess rules (covered here).
Assigning a Password to wp-admin Directory Manually
Create a file named .htaccess in your wp-admin directory, and add the following contents:
You’ll need to adjust the AuthUserFile line to use the full path to the .htpasswd file we’ll create in the next step. You can find the full path by using the pwd command from the shell prompt.
Next you’ll need to use the htpasswd command line utility to create the password file. I would also advise that you use a different user account and password than you use for your WordPress installation.
You’ll want to make sure you are in the directory specified by AuthUserFile, and change “myusername” to something unique for your site. This will create a file with contents similar to the following:
At this point you should be prompted for a password when you navigate to your WordPress administration panel. You’ll notice that “Restricted Area” is the text from the .htaccess file, which could be changed to anything else.
If you get a server error instead, you should probably remove the .htaccess file and start over.
Lastly, you should make sure that you remove write permissions to both files with the chmod command as one more layer of security.
chmod 444 .htpasswd
.htaccess Password File Generator
There’s a great tool from Dynamicdrive that will do all the hard work of creating the file for you. This is especially useful if you don’t have shell access to your server, because you can just upload the files via your FTP/SFTP client.
http://tools.dynamicdrive.com/password/
You should still make sure that you remove write access once the files are uploaded.
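The manual procedure from "Assigning a Password to wp-admin Directory Manually", written as shell functions with a check of the result. This is an added example, not code from the original article. AuthUserFile, "Restricted Area", htpasswd and chmod 444 come from the text; the other directives (AuthType Basic, Require valid-user), the function names and all paths passed in are assumptions.

```shell
# Added example: basic-auth protection for wp-admin (function names are hypothetical).

# Write wp-admin/.htaccess. AuthUserFile must be a full path, because
# Apache resolves a relative one against ServerRoot, not this directory.
write_htaccess() {
    admin_dir=$1 passfile=$2
    case $passfile in
        /*) ;;
        *) echo "AuthUserFile must be a full path: $passfile" >&2; return 1 ;;
    esac
    cat > "$admin_dir/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted Area"
AuthUserFile $passfile
Require valid-user
EOF
}

# Create the password file; htpasswd prompts for the password.
# -c creates (and overwrites) the file, so use it only for the first user.
create_password_file() {
    htpasswd -c "$1" "$2"
}

# Remove write permission from both files.
lock_files() {
    chmod 444 "$1/.htaccess" "$2"
}

# Check the result: directives present, password file exists where
# AuthUserFile points, and neither file is writable by anyone.
audit_protection() {
    htaccess=$1/.htaccess
    grep -q '^AuthType Basic$' "$htaccess" || { echo "no AuthType Basic"; return 1; }
    grep -q '^Require valid-user$' "$htaccess" || { echo "no Require valid-user"; return 1; }
    passfile=$(sed -n 's/^AuthUserFile //p' "$htaccess")
    [ -s "$passfile" ] || { echo "password file missing or empty: $passfile"; return 1; }
    for f in "$htaccess" "$passfile"; do
        # Read the mode string from ls; a -w test would pass for root regardless.
        case $(ls -ld "$f" | cut -c2-10) in
            *w*) echo "still writable: $f"; return 1 ;;
        esac
    done
    echo "ok"
}
```

audit_protection only inspects what is on disk, so it can also be run against files uploaded from a generator.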