Just occurred to me: what’s the point of password protecting www.yoursite.com/wp-admin when a user can just type www.yoursite.com/wp-login.php, bypassing the password on /wp-admin?
Am I missing something here? I’ve read many blogs/posts that suggest adding this extra layer of protection to wp-admin using .htaccess/.htpasswd.
The protection from .htaccess is for the folder
/wp-admin
it’s not for the URL.
Open up your ftp programme (or download WordPress) and look inside /wp-admin
By only allowing your IP access to this folder you’re blocking a lot of possible exploit issues (as mentioned in comments below).
I always prefer to login at
mysite.com/wp-admin
and not login.php. This way, if you’re still logged in to your site, you go straight to the Admin section.

Even accessing http://www.yoursite.com/wp-login.php will still prompt you for a password. It’s a good way to add another security layer on your site. The problem here is that you need to add a front-end login and registration if you need users to log in.
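
An added example, not taken from any of the posts above: Apache 2.4 configuration that puts the same .htaccess/.htpasswd prompt explicitly on both the /wp-admin folder and wp-login.php, so the login script is covered on its own rather than only through the folder rule. The `.htpasswd` path, the realm name and the sample IP address are placeholders.

```apache
# ---- File: wp-admin/.htaccess (applies to everything inside /wp-admin) ----
AuthType Basic
AuthName "Restricted"
# Placeholder path: keep the password file outside the web root
AuthUserFile /path/to/.htpasswd
Require valid-user

# Alternative to a password: allow only your own address
# (203.0.113.10 is a documentation address, replace it with yours)
# Require ip 203.0.113.10

# Themes and plugins call admin-ajax.php on behalf of logged-out visitors,
# so leave it reachable or front-end features stop working
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File: .htaccess in the site root (the folder holding wp-login.php) ----
# wp-login.php lives outside /wp-admin, so the folder rule above
# does not apply to the script itself; protect it by name
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /path/to/.htpasswd
    Require valid-user
</Files>
```

With the second block in place, visitors who register or log in through wp-login.php also get the prompt, which is the front-end login trade-off mentioned in the last reply.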