Password protect wp admin folder : redirecting issue

Whenever I try to protect wp-admin directory using a password, .htaccess file is created inside wp-admin folder. But when I navigate to the wp-admin folder via browser it gives below error. Also i have noted when i rename or delete the htaccess file within wp-admin folder then browser is able to navigate to wp-admin folder.

What can i do to protect wp-admin folder and at the same time access the wp-admin folder via browser ?

Read More

http://abc.com/wp-admin/

enter image description here

htaccess within wp-admin folder looks like below

AuthName "Authorised Users"
AuthUserFile "/home/abc/.htpasswds/public_html/wp-admin/passwd"
AuthType Basic
require valid-user

Related posts

Leave a Reply

2 comments

  1. you can write following code into htaccess

    AuthName "Restricted Area" 
      AuthType Basic 
    AuthUserFile /home/pathto_htpasswd/.htpasswd 
    AuthGroupFile /dev/null 
    require valid-user
    

    and below into htpasswd

    username:encrypted_password
    

    OR you can use plugin

  2. I had similar issues when adding password protection to the wp-admin directory. In addition to the code that you already added, try adding the following 2 lines to the top of your .htaccess file:

    ErrorDocument 401 "Access Denied"
    ErrorDocument 403 "Access Denied"
    

    Note that while you might have protected your wp-admin directory, you have not protected your wp-login.php file, you you are still vulnerable to a brute force attack. So you will also want to edit the .htaccess file at the root of your site and enclose the same code within FilesMatch tags. So it would look something like this:

    <FilesMatch "wp-login.php">
    ErrorDocument 401 "Access Denied"
    ErrorDocument 403 "Access Denied"
    AuthName "Authorised Users"
    AuthUserFile "/home/abc/.htpasswds/public_html/wp-admin/passwd"
    AuthType Basic
    require valid-user
    </FilesMatch>