WordPress.org

1. justinmarch
   Member
   Posted 1 month ago #

   Am thinking about implementing the following within .htaccess file placed at: /wp-admin/.htaccess

   AuthUserFile /dev/null
   AuthGroupFile /dev/null
   AuthName “Access Control”
   AuthType Basic
   order deny,allow
   deny from all

   I realise that the above currently blocks all access but will something like the above prevent most/all types of hacks

   Is there a way of password protecting the access through the same .htaccess file. I was hoping to implement using a static IP address rather than a password but this is a no go.

   Justin

2. buddha trance
   Member
   Posted 1 month ago #

   I have password protected the wp-admin folder this way:

   1 - .htaccess file (in the wp-admin folder)

   ## password begin ##
   AuthUserFile /usr/www/users/path/to/blog/wp-admin/.passwd
   AuthName     "Protected"
   AuthType     Basic
   <Limit GET POST PUT>
   require valid-user
   </Limit>
   <Files .passwd>
   deny from all
   </Files>
   ## password end ##
   
   # BEGIN WordPress
   <IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteBase /
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
   RewriteRule . /index.php [L]
   </IfModule>
   # END WordPress

   Of course, your directory path will vary depending on server.

   2 - .passwd file (also in the wp-admin folder)

   I had to call it .passwd, depending on server it may be .htpasswd, in which case make sure it is called this way in the code above as well.

   In this file, I simply added the one line of text created by this password generator
   http://webinfo.inch.com/server/apache/htpasswd.html

   Both files have permission 644

   Hope this helps!

Reply

You must log in to post.