How to Use .htaccess to Protect wp-admin Folder in WordPress

One of the most common ways to secure WordPress is by using a .htaccess file. This can be done by adding a few lines of code to your .htaccess file, which is located in the root directory of your WordPress site.

Limit IP Addresses

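# Applies to the directory holding this .htaccess and everything beneath it.
# Order/Deny/Allow is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "IP Limit"
AuthType Basic
# No <Limit GET> wrapper: inside one, the rules would cover GET requests only
# and leave POST (used to submit admin forms) unrestricted.
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
allow from xxx.xxx.xxx.xxx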

This will deny access to anyone that isn’t coming from your IP address. You will need to replace “xxx.xxx.xxx.xxx” with your actual IP address.

Once you have added the code to your .htaccess file, save it and upload it back to your server. Now, when someone tries to access your wp-admin area, they will be denied access unless they are coming from one of the allowed IP addresses.

If you need to allow access to your wp-admin area from a new IP address, simply add another "allow from" line for it to your .htaccess file.
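
Apache applies access rules placed inside a <Limit> block only to the methods that block names, so an allow list scoped to GET says nothing about POST. The following check is an added example, not part of the original article: it models Order/Deny/Allow for single IPs, CIDR ranges and "all" (hostnames and partial IPs are not handled), and the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import re

def request_allowed(htaccess, method, client_ip):
    """Model Apache 2.2-style Order/Deny/Allow for one request (IPs, CIDR, 'all')."""
    order, allow, deny = "deny,allow", [], []  # Apache's default Order
    scope = None  # None: directive applies to every method
    for raw in htaccess.splitlines():
        line = raw.strip()
        opened = re.match(r"<limit\s+([^>]+)>", line, re.I)
        if opened:
            scope = {name.upper() for name in opened.group(1).split()}
            if "GET" in scope:
                scope.add("HEAD")  # limiting GET also limits HEAD
            continue
        if re.match(r"</limit>", line, re.I):
            scope = None
            continue
        if scope is not None and method.upper() not in scope:
            continue  # inside a <Limit> that does not name this method
        words = line.lower().split()
        if words[:1] == ["order"]:
            order = "".join(words[1:])
        elif words[:2] == ["allow", "from"]:
            allow += words[2:]
        elif words[:2] == ["deny", "from"]:
            deny += words[2:]

    ip = ipaddress.ip_address(client_ip)
    def hit(specs):
        return any(s == "all" or ip in ipaddress.ip_network(s, strict=False) for s in specs)
    if order == "deny,allow":  # default allow; Allow overrides Deny
        return hit(allow) or not hit(deny)
    return hit(allow) and not hit(deny)  # allow,deny: default deny

def methods_open_to(htaccess, outsider="198.51.100.7"):
    """Methods an address outside the allow list can still use."""
    return [m for m in ("GET", "HEAD", "POST") if request_allowed(htaccess, m, outsider)]

# Constructed samples; 203.0.113.10 stands in for the administrator's address.
RULES = "order deny,allow\ndeny from all\nallow from 203.0.113.10\n"
GET_ONLY = "<Limit GET>\n" + RULES + "</Limit>\n"

if __name__ == "__main__":
    print("GET-only block leaves open:", methods_open_to(GET_ONLY))
    print("Unwrapped rules leave open:", methods_open_to(RULES))
```

Run it against a copy of your own rules before uploading them; an empty list means an address outside the allow list is refused for every method checked.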

Password Protected Directories

Another way to protect your wp-admin area is by password-protecting it. This can be done by creating a .htpasswd file and adding it to your wp-admin directory.

The .htpasswd file will contain a username and password for each user that you want to have access to the directory. The password will be encrypted, so anyone who tries to view the .htpasswd file will only see a bunch of gibberish.

You can generate an encrypted password for each user with an htpasswd generator tool.

Once you have added all of the users to the .htpasswd file, save it and upload it to your wp-admin directory. Then reference the password file from your .htaccess file like this:

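# Prompt for a username and password on everything in wp-admin.
AuthName "Admin Section"
# Full server path to the .htpasswd file uploaded above.
AuthUserFile /path-to-wordpress-folder/wp-admin/.htpasswd
AuthType Basic
Require valid-user

# Keep admin-ajax.php reachable without the prompt; front-end features of
# themes and plugins call it.
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>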

Now, when someone tries to access your wp-admin area, they will be prompted for a username and password. If you need to add a new user, simply open the .htpasswd file and add their username and password on a new line. Save the file and upload it back to your server.