Whenever I try to protect wp-admin directory using a password, .htaccess file is created inside wp-admin folder. But when I navigate to the wp-admin folder via browser it gives below error. Also i have noted when i rename or delete the htaccess file within wp-admin folder then browser is able to navigate to wp-admin folder.
What can i do to protect wp-admin folder and at the same time access the wp-admin folder via browser ?
htaccess within wp-admin folder looks like below
AuthName "Authorised Users"
AuthUserFile "/home/abc/.htpasswds/public_html/wp-admin/passwd"
AuthType Basic
require valid-user
you can write following code into htaccess
and below into htpasswd
OR you can use plugin
I had similar issues when adding password protection to the wp-admin directory. In addition to the code that you already added, try adding the following 2 lines to the top of your .htaccess file:
Note that while you might have protected your wp-admin directory, you have not protected your wp-login.php file, you you are still vulnerable to a brute force attack. So you will also want to edit the .htaccess file at the root of your site and enclose the same code within FilesMatch tags. So it would look something like this: