Rating: 4 stars

The purpose of this plugin is to create additional password protection for the wp-login page, or the wp-admin folder, or even your entire site. It does this by the standard method of adding code to the .htaccess file that gets an additional username and password from a .htpasswd file (in which the MD5 hash of the password is used rather than the password itself).

So far so good: it works, but it could be better – hence four stars.

When you open the plugin’s settings page, it asks you to enter a new user. At first I thought I had to enter my WordPress username, but in fact it wants the new username that you want to use for the additional login box. I realised that when I thought about it, but it should be made clearer.

More seriously, it puts the .htpasswd file in the same directory as the .htaccess file that it has modified. That is within the webroot, and so is accessible via http – although the plugin author has attempted to mitigate this by adding some more code to .htaccess preventing Apache from serving .ht* files. Much better is to put the .htpasswd file into the private folder, which is outside the webroot. I did that manually by moving the file and altering the location in .htaccess, both of which can be done using FTP, but it’s not convenient.

Conclusion: using the plugin is quicker than doing the whole thing manually. It would be quicker still if the settings page allowed you to choose where .htpasswd should be placed. The main advantage of the plugin is that it creates the .htpasswd file automatically; otherwise you would need console access to the server in order to run a script to create the file, or the ability to calculate the MD5 hash of the password if you want to create the file in a text editor.

Rating: 5 stars

Ce plugin fait sont travail, protéger l’admin, créer des htaccess et htpasswd et en plus ?a fonctionne

Rating: 3 stars

I try to manually set password on the wp-admin page but did not work, this plugins work, but with some bugs.

First GUI bug, if I disable some option, it ask for password even when the user and password form not showed.

And 2nd bug is with woocommerce. If I enable Protection for wp-login, when buyer logoff their account, this plugin ask for password. The only solution is disabled wp-login protection and only enable it on wp-admin page.

Not perfect but this plugins work. Hope you fix the bug and get more download.