Plugin Directory

Test out the new Plugin Directory and let us know what you think.
!This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Password Protection

HTTP Basic Authentication as secondary defense for wp-admin - blocks brute force attacks. Also blocks users (bots) with No-Referrer Headers.

Will this plugin keep my site from being hacked?

NO! No plugin can keep your site from being hacked but this plugin will stop annoying brute force attempts to your login page.

What is a No-Referrer Request?

A No-Referrer Request is a direct request made to your wp-login.php file. Normally when you go to wp-admin and you are not logged in WordPress will redirect you to wp-login.php. When this happens the referrer is from your same domain. Bots and automated scripts normally make direct post requests to wp-login.php without a referrer. This plugin can block all requests without a referrer or requests from a referrer that is not from your domain.

What if I forget my Password?

If you forget your password there is no way to recover it because it is stored as an encrypted hash. If you forget your password you will have to disable the plugin by changing the name of the password-protection using FTP. Once disabled and you log in you can then re activate the plugin and enter a new password on the settings page.

Requires: 3.5.1 or higher
Compatible up to: 3.6 beta
Last Updated: 4 years ago
Active Installs: 50+


0 out of 5 stars


Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.