How To Password Protect Your WordPress Admin Directory

Password protect your WordPress admin directory

The security of a WordPress website is one of the major concerns and you should always look for adding one more security layer.

The admin directory is responsible for accessing your WordPress dashboard. You pass through the login phase and enter in the admin panel.

Have you ever thought to password protect your WordPress admin directory? You may be wondering as if it’s already protected because you use login credentials to enter in the WP-Admin area.

Well, we’re talking about adding one more layer. Before you even see the login page, an extra authentication will get added.

It can save your WordPress website from brute force attack and more.

What Do You Need To Do To Activate This Authentication feature?

In this tutorial, I am going to guide you with a simple method which requires the use of cPanel.

Follow the steps.

Step 1:- Login to your web hosting cPanel and scroll down to the security section. You will see a “Password protect directories” icon. Click on that.

password protected

Step 2:- A popup box will appear to you asking about the domain name and the directory you want to open. By default, it will be “web root” and that’s what you have to open.

It’s because your website is placed in the PUBLIC_HTML folder. All the WordPress files and folder are present in the root directory.

protect admin panel

On this new page, you will see many folders. As you want to password protect your WordPress admin directory so click on the “wp-admin” folder.

Step 3:- A new page will open for you to enable the password protection. Check the box to activate it and enter the name of the directory you want to see while authenticating.

password protect your wordpress admin directory

You have to create a user so that you can pass the authentication while logging in to your admin panel.

NOTE : Don’t forget the username and the password.

Generate a strong password for the strongest security. Save the settings and click on the “Add or Modify The Authorized User” button.

You have successfully added a security layer to your WordPress admin directory. Whenever anyone tries to login, an alert box will appear which will require the login credentials of the user you created.

Do You get 404 Error or redirect errors?

Adding this authentication can block a few resources of the wp-admin directory. If you get any kind of error, you should add a small code in the .htaccess file present in the wp-admin folder.

Go to cPanel>>file manager>>wp-admin>>.htaccess file.

Edit and add the code.

ErrorDocument 401 default

The error may vary, you can also get 403 error. So add another line of code just by replacing 401 to 403. Save it and you’re good to go.

If you use any plugin which uses the Ajax of the wp-admin directory then you need to add another code in the .htaccess file.

Though only a few plugins use the front end Ajax functionality which can be solved. Just like above, navigate to the .hatccess file and add this code.

<Files admin-ajax.php>
Order allow, deny
Allow from all
Satisfy any

The errors will get removed if any. Congrats, you have successfully secured your website’s admin panel.

I Hope you can Easily Password Protect your WordPress Admin Directory.

The above-mentioned is the best method to accomplish this task. The simple use of the cPanel and within a few minutes, you will have a secure admin panel.

The codes mentioned above are in need to add only if you see any unusual error otherwise, everything is good.

Isn’t that easy to password protect your WordPress admin directory? If you still face any difficulty, feel free to drop a comment.

You can also connect with us on LinkedIn, Twitter, and Facebook.

by Ravi Chahar

A WordPress Professional and the LinkedIn Influencer. A coder by passion and a blogger by choice. WordPress theme development is his forte. He is your WordPress guy who will teach you how to solve WordPress errors, WordPress security issues, design issues and what not.

Get Free Updates Into Your Inbox

Learn Everything Just Like I Did



  1. Hey Ravi,

    This is great stuff! I never thought about this! Where have I been! We always think about hackers from our front-end on our blogs, NOT from the backend. You really got me thinking now. THANK YOU for bringing this to our attention!

    You rock!


    1. Hi Bren,

      This is not a step which can stop the hackers but at least it can save you from the suspicious login attempts. How would anyone login if the authentication layer wouldn’t get passed>
      Thanks for stopping by.
      Enjoy your weekend.

  2. Hi Ravi,

    I’ve never thought about adding this additional layer of security for protecting my WordPress blogs.

    However, I think it’s a great idea to password protect the WP admin directory to increase security. And by all means, the tools needed for it are already installed and ready to use with the easy steps you mention above.

    Have a great weekend,

  3. Hey Ravi,

    Amazing tutorial – Now-a-days, people required security to their work due to many unwanted suspicious elements are present on interent due to advancement of technology. It is really great stuff to inhibit from unwanted login attempts. Thanks for sharing.

    With best wishes,

    Amar kumar

    1. Hi Amar,

      Adding one more security layer is always a great idea. It will help you save from many fake login attempts.
      Thanks for stopping by.
      Enjoy the day.

  4. Hey Rav,

    Nice tutorial in securing the admin directory. In addition to password protecting, I recommend and ensure file permission are correct for folders and files, hence 644 file permission and folders should have 755 permissions.


Leave a Reply

Your email address will not be published. Required fields are marked *