If you have ever used a content management system you obviously know there are default methods for accessing the backend. If you look at server stats, you will see many requests to your website trying to access the administrator backend. Obviously, you may wonder why people are snooping around in an area which has nothing to do with web content. You can’t stop this, but, by taking away the default urls to access the backend, or creating other methods to make backend access difficult, you will deter most cases from hackers looking for easy pickings.
To create a second level of security, you can password protect the wp-admin folder with a second, very secure username and password.
To create a password protected directory with Cpanel,
1) Login to Cpanel.
2) Select ‘Password Protect Directory’.
3) Select the directory.
4) Create a User and Password.
5) Save it.
If the directory is in a subfolder, you may not be able to password-protect the directory with Cpanel. But, there is another simple method to password protect any directory.
To password-protect a directory,
1) Create a file in the wp-admin folder called .htaccess and add the following code:
AuthName “Password Protected Directory”
<Limit GET POST PUT>
The AuthUserFile will be the location of a new password file and could be the path for your WordPress Installation. You could locate the file outside the WordPress installation for extra security.
2) Create a file called .htpasswd and save the file in the desired directory. The file is stored in the path displayed in the .htaccess file.
3) Go to http://www.htaccesstools.com/htpasswd-generator/ or another website to generate a htpasswd.
4) Copy and the password into the .htpasswd file.
The password looks like:
That is all there is to it to password protect the directory.