How to Protect wp-login.php

  • I’m successful in putting a password in my wp-admin directory. I also allow admin-ajax.php using .htaccess located in wp-admin. I also put the ErrorDocument. Now how can I protect wp-login.php? I followed a few instructions I found on the net and nothing worked so far. Here’s one of them. I put this in my main .htaccess.

    <FilesMatch "wp-login.php">
ErrorDocument 401 default
AuthType Basic
AuthUserFile "/home/xxx/.htpasswds/public_html/wp-admin/pwd"
AuthName "Authorized Only"
require valid-user
</FilesMatch>

    There are few lines which confuse me. First, in AuthUserFile, I also tried putting the path of the .htpasswd which I generated using an online tool. I put AuthUserFile ~/.htpasswd is this correct? Second. the require valid-user. Is that already it or I should put the username I have in the .htpasswd?

    The problem I’m having is I get a 404 even when I try to login through https://www.domain.com/wp-admin.

    I’d appreciate any help.

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘How to Protect wp-login.php’ is closed to new replies.