Support » Fixing WordPress » cant log in after password protecting admin directory

  • Hi friends,

    I am a newbie and know very little on this topic…I know that I need to protect my site using the .htaccess file…fortnately my host supports the password protect feature for directories.

    the problem started when I used the password protect feature from controlpanel (that automatically creates the htaccess file and htpaswd file into those folders)and changed my admin directory into protected mode…since then I am not able to see the log-in page of my wordpress site and cant access the admin area…I get an error

    ” This is somehat embarrasing isnt it ?? it seems we cant find what you’re looking for searching below might help”

    this happens as long as the admin directory is kept protected, and works fine whenever I remov the protection using the cpanel.

    I contacted my host and they asked me to remove the code from the .htaccess file in the admin folder..but that didnt help (ofcourse !!)..I told them that wasnt an issue and they gave up..referring me to wordpress.

    hope I get the solution here.
    hanks in advance

Viewing 2 replies - 1 through 2 (of 2 total)
  • The same problem is with me for my site and after that i removed the admin folder protection.

    He, some hosting providers tend to do that, blame it on WP.

    Protecting your WP installation with an admin folder protection is not necessarily the best option.

    Whatever approach you decide, always back-up WP and all your files!

    You could make your admin address ( and the wp-login.php file IP based in .htaccess (careful if you have a dynamic IP), prevent access to your .htaccess and wp-config.php files in .htaccess, Hide WP admin login,

    Make wp-login.php IP based login
    This goes into your root directory .htaccess file

    <Files wp-login.php>
    Order deny,allow
    Deny from All
    Allow from

    Where = your IP

    Protect your wp-config.php
    This goes into your root directory .htaccess file

    <files wp-config.php>
    order allow,deny
    deny from all

    Prevent directory browsing
    This goes into your root directory .htaccess file

    Options All -Indexes

    Protect your WP from script injections
    This goes into your root directory .htaccess file

    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index.php [F,L]

    Limit login attempts plugin

    Define unique keys and salts

    Secure your uploads directory.

    Hide login error messages.

    Always have strong passwords, never use “admin” as your admin username, hide WP version (not everyone supports this approach), move your wp-config.php file above the root directory (not always a good solution and it depends on your hosting settings sometimes) have a look on these WP security hacks and the 5G Firewall (read it carefully and test it).

    Read about Hardening WP.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘cant log in after password protecting admin directory’ is closed to new replies.