Title: WordPress Admin Protection
Last modified: August 21, 2016

---

# WordPress Admin Protection

 *  Resolved [jwsmithc4](https://wordpress.org/support/users/jwsmithc4/)
 * (@jwsmithc4)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/wordpress-admin-protection/)
 * I’m trying to work the kinks out on my wordpress site, hosted on it’s own domain.
 * When I or any users go to login or register it pops up with this [http://atheist-gamer.com/wordpress%20login.PNG](http://atheist-gamer.com/wordpress%20login.PNG)
 * I’ve gone through the dashboard to no avail. I’m thinking it has to be fixed 
   somewhere else but I’m new to this and have yet to find anything referencing 
   it short of “Protecting your WordPress Site”.
 * Thank you for any help.
    The site is located at [http://www.atheist-gamer.com](http://www.atheist-gamer.com)
 * Side question but somewhat related, would there be anyway to have registered 
   users on my PHPBB forum automatically added to the WordPress user list?
 * Thanks for any help.
 * _[Moderator Note: Please ensure that you are embedding links correctly in your
   posts.]_

Viewing 14 replies - 1 through 14 (of 14 total)

 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545548)
 * Are you using an admin protection plugin?
 *  Thread Starter [jwsmithc4](https://wordpress.org/support/users/jwsmithc4/)
 * (@jwsmithc4)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545595)
 * The only plugins I have installed are [Plugins](http://atheist-gamer.com/PLugins%20being%20used.PNG)
 * I’m not seeing anything in there that would cause this problem. I’m kind of thinking
   it my be a mysql problem.
 *  [congnghevps](https://wordpress.org/support/users/congnghevps/)
 * (@congnghevps)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545596)
 * Using htaccess to create passwd for your web folder, 🙂
 * Regards,
 *  Thread Starter [jwsmithc4](https://wordpress.org/support/users/jwsmithc4/)
 * (@jwsmithc4)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545628)
 * This is my .htaccess.
 *     ```
       <files wp-config.php>
       order allow,deny
       deny from all
       </files>
   
       # Block the include-only files.
       <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteBase /
       RewriteRule ^wp-admin/includes/ - [F,L]
       RewriteRule !^wp-includes/ - [S=3]
       RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
       RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
       RewriteRule ^wp-includes/theme-compat/ - [F,L]
       </IfModule>
   
       # BEGIN WordPress
       <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteBase /
       RewriteRule ^index\.php$ - [L]
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteRule . /index.php [L]
       </IfModule>
   
       # END WordPress
       ```
   
 * What exactly should be changed?
 *  Thread Starter [jwsmithc4](https://wordpress.org/support/users/jwsmithc4/)
 * (@jwsmithc4)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545715)
 * Still have not found an answer on this.
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545716)
 * What answer were you looking for and what protection?
 * If you mean to block `wp-admin` and `wp-includes` then there is a real chance
   you’ll break something without intending to.
 * There are ways to harden your WordPress installation.
 * [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress)
 * As well as deal with (_really irritating!_) Brute Force attacks.
 * [http://codex.wordpress.org/Brute_Force_Attacks](http://codex.wordpress.org/Brute_Force_Attacks)
 * Or you can even consider a security plugin (I don’t use any of those myself).
 * [http://wordpress.org/plugins/search.php?q=security](http://wordpress.org/plugins/search.php?q=security)
 * But again, what are you looking for when you say “WordPress Admin Protection”?
 *  Thread Starter [jwsmithc4](https://wordpress.org/support/users/jwsmithc4/)
 * (@jwsmithc4)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545717)
 * I’m trying to remove this useless login that pops up whenever ANYONE tries to
   login or register. Before the log in
    It says “A username and password are being
   requested by [http://www.atheist-gamer.com](http://www.atheist-gamer.com). The
   site says: “[ WordPress Admin Protection: Please enter username ‘admin’ and password‘
   wplogin’ to load your WP login page ]””
 * I’m trying to remove this, it doesn’t seem to be in the .htaccess or anything.
 *  Thread Starter [jwsmithc4](https://wordpress.org/support/users/jwsmithc4/)
 * (@jwsmithc4)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545718)
 * I have no plugins activated besides the ones right here
 * [http://atheist-gamer.com/PLugins%20being%20used.PNG](http://atheist-gamer.com/PLugins%20being%20used.PNG)
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545722)
 * > “A username and password are being requested by [http://www.atheist-gamer.com](http://www.atheist-gamer.com).
   > The site says: “[ WordPress Admin Protection: Please enter username ‘admin’
   > and password ‘wplogin’ to load your WP login page ]”
 * That sounds like something your host has implemented as a way to get around brute
   force login attempts. It won’t stop a real person from entering that admin/password
   combination but would stop or slow down bots from hitting `wp-login.php`.
 * Contact your host and ask them where that’s from. That doesn’t look like anything
   a WordPress plugin would do or leave behind.
 *  Thread Starter [jwsmithc4](https://wordpress.org/support/users/jwsmithc4/)
 * (@jwsmithc4)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545724)
 * ok that’s kinda what I was thinking but didn’t want to go and bug them for something
   that was implemented automatically.
 * I’m new to the whole CMS thing and WordPress in general.
 * I’m mostly a design person and 5/4 of this is new, plus there is a billion lines
   of stuff to go through to find what you’re looking for when it comes to researching
   these problems.
 * also wplogin is a pretty common phrase to search for…
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545725)
 * Well… if you can see hidden files on your web server the look for any `.htaccess`
   files in `wp-admin`, wp-includes`, etc. as a just in case.
 * But there really shouldn’t be any other `.htaccess` and posting the ID and password
   like that would make for an awful security feature… 😉
 * I’m pretty sure it’s your host. Hopefully you’ll get someone who can confirm 
   that.
 *  Thread Starter [jwsmithc4](https://wordpress.org/support/users/jwsmithc4/)
 * (@jwsmithc4)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545726)
 * Yea I was thinking the same thing, I can’t find any mention of it anywhere. I
   emailed em, they’re usually pretty prompt.
 * Thanks again for the help.
 *  Thread Starter [jwsmithc4](https://wordpress.org/support/users/jwsmithc4/)
 * (@jwsmithc4)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545727)
 * I think I resolved it myself… I installed that all-in-one security thing, Changed
   the login/register page.
 * And now it’s not popping up from what I can tell.
    [Atheist Gamer](http://www.Atheist-gamer.com/no_god)
 * Thanks again for all the help, I think it may have been the actual Login/register
   php file. which still doesn’t make sense to me
 *  Thread Starter [jwsmithc4](https://wordpress.org/support/users/jwsmithc4/)
 * (@jwsmithc4)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545728)
 * I guess if the script they are using is targeting the default login/register 
   page and you change the filename it no longer targets it, so… yea Resolved? I
   guess.

Viewing 14 replies - 1 through 14 (of 14 total)

The topic ‘WordPress Admin Protection’ is closed to new replies.

## Tags

 * [admin](https://wordpress.org/support/topic-tag/admin/)
 * [login](https://wordpress.org/support/topic-tag/login/)
 * [protection](https://wordpress.org/support/topic-tag/protection/)
 * [Registration](https://wordpress.org/support/topic-tag/registration/)
 * [wplogin](https://wordpress.org/support/topic-tag/wplogin/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 14 replies
 * 4 participants
 * Last reply from: [jwsmithc4](https://wordpress.org/support/users/jwsmithc4/)
 * Last activity: [12 years, 1 month ago](https://wordpress.org/support/topic/wordpress-admin-protection/#post-4545728)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics