Support » Fixing WordPress » Password protecting /wp-admin/

  • I have been trying to password protect the wp-admin folder using .htaccess, but instead of asking for the password I get “Error 404 – Not Found”. Any ideas?

Viewing 10 replies - 1 through 10 (of 10 total)
  • What does your .htaccess file say?

    Thread Starter TimothyA


    AuthUserFile /home/xxx/public_html/wp-admin/.htpasswd
    AuthGroupFile /home/xxx/public_html/wp-admin/
    AuthType Basic
    AuthName EnterPassword

    require user xxx

    Thread Starter TimothyA


    BTW… that is the one I wrote, but I even used my hosting company’s tools to password protect, and I get the Error 404 with their .htaccess as well.

    The same problem.
    I have installed .htaccess into the folder wp-admin
    When i’m trying to get to – WP redirects me to 404 page.

    The server is running CentOS + DirectAdmin. On all servers running DirectAdmin i got THE SAME!! problem. On other servers without DirectAdmin all is OK.
    I tried to rebuild Apache (2.0 \ 2.2) all the same.
    Please Help, i really need the directory wp-admin password protected.

    problem solved
    wp-admin .htaccess

    ErrorDocument 401 default
    AuthType Basic
    AuthName "Restricted Area"
    AuthUserFile /home/admin/domains/*****.info/public_html/wp-admin/.htpasswd
    require valid-user

    main .htaccess in domain root

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # END WordPress

    For that little extra security it’s probably worth keeping your .htpasswd file outside of the web accessible area. And like 4seoblogs, you shouldn’t need the reference to AuthGroupFile in your .htaccess file if you aren’t intending to use one, TimothyA.

    4seoblogs, thank you SO much! I’ve been looking for a solution for how to use password protection on the wp-admin directory and your code above solved it. This should be added to the WordPress documentation.



    The solution is to download your .htaccess file, open it using notepad or similar and add the following code before the WordPress entries, or modify the current ErrorDocument 401 line to the following:

    ErrorDocument 401 default

    Upload the file back to the server.

    I wrote this blog post about it if you need more details.

    Of course. But if any required field in the comments are missing, Apache ask user and password to the visitor. 🙁

    PD: although if the visitor click cancel then WordPress gives it the error of the fields 🙂

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Password protecting /wp-admin/’ is closed to new replies.