Hi all,

Welcome back to my blog-post…….!!!!

Most of the peoples are using wordpress to build their websites due to its simplicity and also its user friendly too

But lot of attackers are targeting wordpress login page to hack the websites, If n- number of hits received our server related services will be seriously affected and there may be a chance of server sluggish

The cause of the outage was a distributed denial of service (DDoS) attack, in which a network of computers infected with special malware, known as a “botnet”, are coordinated into bombarding a server with traffic until it collapses under the strain.

This kind of attack is known as DDoS attack

So securing the wordpress login page is an important one to keep our website related contents to avoid data loss

There are lot of ways to protect the wordpress login page some of them are protecting using plugins/enabling captcha

But one of the recommended protection is enabling first level authentication to our wordpress login page

Step 1 : Log on cPanel

Log on your cPanel using the cPanel logon credentials and go-to file manager

Make sure dot files are not hidden, if its hidden kindly enable show dot files option in the file manager itself

Step 2: Generating htpasswd:

Now we need to generate a htpasswd for encrypted password, There are lot of htpasswd generators are available in internet

If you feels its hard to find an htpasswd generator then click here

Step 3: Creating htpasswd file:

Now we need to create a new file in the home directory itself, Save the file name as .wp-admin and put the generated htpasswd in that file

Step 4: Editing .htaccess file configuration:

This is the main part where we need to update our configuration script

We need to paste the below script in .htaccess file and make sure the .htaccess file starts with the below script

Then only first level authentication will works perfect

ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
<FilesMatch "wp-login.php">
AuthName "Contact Your Hosting Company for Username and Password"
AuthType Basic
AuthUserFile /home/shreeoms/.wpadmin
require valid-user

Step 5: Verifying our task

If you followed the steps without any mistakes now you will be prompt for first level authentication at the time of accessing your wordpress admin login page

Now we have successfully enabled first level authentication for our wordpress login page

Another tip which I wish to say is keep your plugins/themes updated periodically which will helps to reduce the malicious/infected scripts injections to your wordpress based website

We all know our website data is so important so even we enable the first level authentication we need to change our wordpress admin login credentials periodically which will helps to protect our website information

Also I’m advising you to take the backup periodically and store into multiple location where you felt the backup is safe

Unfortunately If any data loss occurred on your wordpress based website, the backup which we maintain will helps us to restore the website as earlier

Thanks for reading and learning a new thing from my article, See you on my another blog post



Leave a Comment