Plugin Directory

!This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Password Protection

HTTP Basic Authentication as secondary defense for wp-admin - blocks brute force attacks. Also blocks users (bots) with No-Referrer Headers.


  • Fixed bug that prevented authentication from activating on certain server configurations
  • Added password confirmation to settings page
  • Better blocking for no-referrer requests to wp-login.php


  • Changed password hashing to use wp_hash_password and wp_check_password *props chrisguitarguy https://github.com/chrisguitarguy
  • Fixed bug that bypassed block when WordPress was installed in sub directory or query string was appended to url *props chrisguitarguy
  • Block No-Referrer requests option checked by default
  • Added version check and update function to clear current password for upgrading users to force change and use of new password hashing


  • Initial Version

Requires: 3.5.1 or higher
Compatible up to: 3.6 beta
Last Updated: 4 years ago
Active Installs: 60+


0 out of 5 stars


Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.