Author Topic: Password protect WordPress login – wp-login.php  (Read 335 times)

fasily2k

  • Green Belt
  • *****
  • Posts: 233
  • Karma: +0/-0
Password protect WordPress login – wp-login.php
« on: February 20, 2016, 06:29:20 AM »
What is password protection?
t’s a smart feature to protect directories against accessing it from unauthorised users. In a cPanel server, we can simply create password protected directories via the control panel (Home >> Security >> Password Protect Directories). If we enable this feature, the system will prompt all users accessing that particular directory with a user name and password window. This provide a second layer of protection to our account on internet. Here I explain, how we can protect the WordPress login page from Brute Force Attack!

Why this topic?

Simply to save your accounts resources 😛 Chance of login attacks are high on WordPress websites as it has a known login page wp-login.php under the installation folder. A DoS to this page can slowdown your website and consume resources. If your WordPress domain is hosted in a CloudLinux platform, you will definitely face the “508 Resource Limit Is Reached” error on your web-page. Here we are going to protect the login page against Brute Force Attack. The steps are simple:



POST TAGS

SHARE THIS




INSHARE
Pin It
PRETTY POSTS

HOW/STEPS TO INSTALL VIRTUALBOX – CENTOS 5.X, 6.X RHEL 5.X, 6.X
35+ UBUNTU MIXED WALLPAPERS (HD) FOR LINUX LOVERS
HOW TO FIND WHETHER THE IP ADDRESS IS BLACKLISTED OR NOT IN CSF
[SOLVED] CALL TO A MEMBER FUNCTION ADD() ON A NON-OBJECT – ERROR IN JOOMLA
HOW TO FIND THE TOTAL NUMBER OF CONNECTIONS FOR A CPANEL ACCOUNT FROM THE LOG FILES – COMMAND-LINE(SSH) OPTION
BY ARUNLAL A - FEBRUARY, 18TH 2016
What is password protection?

It’s a smart feature to protect directories against accessing it from unauthorised users. In a cPanel server, we can simply create password protected directories via the control panel (Home >> Security >> Password Protect Directories). If we enable this feature, the system will prompt all users accessing that particular directory with a user name and password window. This provide a second layer of protection to our account on internet. Here I explain, how we can protect the WordPress login page from Brute Force Attack!

Why this topic?

Simply to save your accounts resources 😛 Chance of login attacks are high on WordPress websites as it has a known login page wp-login.php under the installation folder. A DoS to this page can slowdown your website and consume resources. If your WordPress domain is hosted in a CloudLinux platform, you will definitely face the “508 Resource Limit Is Reached” error on your web-page. Here we are going to protect the login page against Brute Force Attack. The steps are simple:

Creating “.htpasswd” file

Yeah, to do password protection first you need to create a .htpasswd file to store the secret authentication details. There are different options available to create this. In a cPanel server, we can create it from the control panel itself. Otherwise you can create this from this online tool >> HTPASSWD GENERATOR << The generated password must be in encrypted form. Then upload the file to your home directory, a best location should be in “/home/user/.htpasswds/public_html/test/wp-admin/“.

File name :: /home/user/.htpasswds/public_html/test/wp-admin/passwd
Then place the code in the WordPress installation directory




POST TAGS

SHARE THIS




INSHARE
Pin It
PRETTY POSTS

HOW/STEPS TO INSTALL VIRTUALBOX – CENTOS 5.X, 6.X RHEL 5.X, 6.X
35+ UBUNTU MIXED WALLPAPERS (HD) FOR LINUX LOVERS
HOW TO FIND WHETHER THE IP ADDRESS IS BLACKLISTED OR NOT IN CSF
[SOLVED] CALL TO A MEMBER FUNCTION ADD() ON A NON-OBJECT – ERROR IN JOOMLA
HOW TO FIND THE TOTAL NUMBER OF CONNECTIONS FOR A CPANEL ACCOUNT FROM THE LOG FILES – COMMAND-LINE(SSH) OPTION
BY ARUNLAL A - FEBRUARY, 18TH 2016
What is password protection?

It’s a smart feature to protect directories against accessing it from unauthorised users. In a cPanel server, we can simply create password protected directories via the control panel (Home >> Security >> Password Protect Directories). If we enable this feature, the system will prompt all users accessing that particular directory with a user name and password window. This provide a second layer of protection to our account on internet. Here I explain, how we can protect the WordPress login page from Brute Force Attack!

Why this topic?

Simply to save your accounts resources 😛 Chance of login attacks are high on WordPress websites as it has a known login page wp-login.php under the installation folder. A DoS to this page can slowdown your website and consume resources. If your WordPress domain is hosted in a CloudLinux platform, you will definitely face the “508 Resource Limit Is Reached” error on your web-page. Here we are going to protect the login page against Brute Force Attack. The steps are simple:

Creating “.htpasswd” file

Yeah, to do password protection first you need to create a .htpasswd file to store the secret authentication details. There are different options available to create this. In a cPanel server, we can create it from the control panel itself. Otherwise you can create this from this online tool >> HTPASSWD GENERATOR << The generated password must be in encrypted form. Then upload the file to your home directory, a best location should be in “/home/user/.htpasswds/public_html/test/wp-admin/“.

File name :: /home/user/.htpasswds/public_html/test/wp-admin/passwd
Then place the code in the WordPress installation directory

passwodpro1

Append the code pasted below into the .htaccess file under WP installation directory.


# copy this code to .htaccess, CryBit.com
# To prevent loops

ErrorDocument 401 default

# Protect wp-login
<Files wp-login.php>
AuthUserFile /home/user/.htpasswds/public_html/test/wp-admin/passwd
AuthName "Private access"
AuthType Basic
require user auth
</Files>

NB : “ErrorDocument 401 default” this line will help you to avoid redirection error.

The above steps will re-prompt the login page: