Protect WordPress Admin is a plugin that helps wordpress administrators to hide wp-admin and wp-login pages from non-logged in users. The result is that in case of brute force attacks, the protected login pages will return 404 error.
In order to access the admin area, the users will have to go to wp-login page which in turn requires some authorization key and values passed as parameters to wp-login.php. Then only login page is available. In all the other cases, only 404 page is shown.
- What do Admin Authorization Key and Admin Authorization Value mean?
The key and value are the pair that you pass to wp-login.php page to access login page. e.g. If you have set authorization key as ‘authkey’ and authorization value as ‘12345’ then in order to access the login page you should type http://your-site-url/wp-login.php?authkey=12345. Without these the url will return a ‘page not found’ error.
- I forgot my key and value pair. What to do now?
- Access your wordpress databases from phpMyAdmin or other client.
- Find the table *_options (e.g. wp_options)
- Execute the sql query “UPDATE wp_options SET value = ‘no’ WHERE option_name=’_protect_admin_enabled'”. This will disable the plugin.
- The first release of plugin.