Password Protect Your WordPress Login Page - Brute Force Attack Prevention | WP Learning Lab

Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: https://wplearninglab.com/17-point-wp...

Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-harde...
Password Protect Your WordPress Login Page - Brute Force Attack Prevention | WP Learning Lab

Password protect the wp-login.php file

ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
(left pointy bracket)FilesMatch "wp-login.php"(right pointy bracket)
AuthName "Authorized Only"
AuthType Basic
AuthUserFile /home/username/.wpadmin
require valid-user
(left pointy bracket)/FilesMatch(right pointy bracket)

Password protect the wp-login.php file

You doesn't allow the pointy brackets (Shift period and Shift comma) so make sure they match what you see in the video.

http://www.htaccesstools.com/htpasswd...

In this tutorial I'm going to show you how to password protection your WordPress login page. Yes, you read that correctly, you'll have to log in before you can log in.

Why is this a good idea?

When Brute Force Hackers try to guess your username and password they do so in one of two places: the login page or the XMLRPC.php file (learn to protect XMLRPC.php here:    • Disable WordPress XMLRPC.PHP - Common...  )

If the hacker can't access the login page then they can't even being to guess your username and password. Of course you want to protect the login.php file with a username and password that doesn't also have an account on your website.

So let's get started.

First things first, we have to create a .wpadmin file in the user folder of your hosting account (this is a level above your website folders).

Then we go to this website, http://www.htaccesstools.com/htpasswd..., to generate the code for the .wpadmin file. Copy and paste the code that you generate into the file and save it.

Following that we put the code from the very top of this description into the .htaccess found in the root of the website folder. Save that file when you're done.

Now when anyone tries to access to the default WordPress login page (wp-login.php) they will be required to enter a username and password first.

After they've successfully entered those details they will be taken to the login page where the can log into the WordPress site.

This is great for WordPress security, hacker proofing and reducing the likelihood of a successful brute force attack.

I hope this information helps you! If you have any questions leave a comment below or ping me @WPLearningLab on Twitter.

--------------

If you want more excellent WordPress information check out our website where we post WordPress tutorials daily.

http://wplearninglab.com/

Connect with us:

WP Learning Lab Channel: http://www.youtube.com/subscription_c...

Facebook:   / wplearninglab  

Twitter:   / wplearninglab  

Google Plus: http://google.com/+Wplearninglab

Pinterest:   / wplearninglab