Password protecting your /wp-admin/ folder is an easy way to add a second layer of protection against bots and other unauthorized access attempts. At Hands-On, if a bot fails this additional check several times, it is automatically blocked in the firewall, preventing further access attempts. To set up this protection, follow the 10 steps below:
- Log in to cPanel
- Click “Password Protect Directories” under “Security”
- Click the text of “wp-admin”
- Click the checkbox next to “Password protect this directory:”
- Enter a phrase such as “Protected” in the “Name the protected directory:” box, then click save.
- Click “Go back” after receiving the confirmation screen.
- Under “Create User:”, create a new username and password that must be entered when you visit yourdomain.com/wp-admin/, and click Add/Modify authorized user.
- Go back to the main cPanel page, and open the File Manager. Ensure “Show Hidden Files (dotfiles)” is selected in the pop-up that appears when you open the File Manager.
- Navigate into the wp-admin folder, and click the .htaccess file to highlight it. Once it is highlighted, click “Code Editor” at the top and click “Edit”.
- At the bottom of the file, add the following code to allow WordPress to recognize this additional password protection, and click save:
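
As an added example (not Hands-On's own snippet), this is what a wp-admin/.htaccess file typically looks like after these steps, with two commonly used additions at the bottom. USERNAME and the AuthUserFile path are placeholders, and the `<Files>` exemption assumes Apache 2.4.

```apache
# wp-admin/.htaccess (constructed example; USERNAME and the passwd path are placeholders)

# Basic-auth block of the kind cPanel writes when the directory is protected.
AuthType Basic
AuthName "Protected"
AuthUserFile "/home/USERNAME/.htpasswds/public_html/wp-admin/passwd"
Require valid-user

# Serve Apache's built-in 401 response instead of a custom error document,
# so the browser shows the credential prompt rather than a WordPress 404 or redirect.
ErrorDocument 401 default

# Front-end plugins and themes call admin-ajax.php for logged-out visitors.
# Exempt only this file; everything else in wp-admin still needs the password.
# Apache 2.4 syntax: with the default "AuthMerging Off", this replaces the
# inherited "Require valid-user" for this one file.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Basic authentication sends the username and password with every request, so serve /wp-admin/ over HTTPS only. Visiting yourdomain.com/wp-admin/ in a private browser window should show the new credential prompt before the WordPress login page.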