Chat / support@radicenter.eu

WordPress wp-admin folder / wp-login.php additional security filter

NB! Some WordPress blogs that have frequently being attacked by SpamBots / DDos – our system has automatically added additional security filter to prevent such things.
Username: admin
Password: radicenter

How to protect wp-admin folder yourself:

1. Log on to DirectAdmin
2. From menu FileManager -> search for folder you want to protect with additional password (wp-admin) and click “Protect”
3. Enter:
– Secure area name
– Secure area username
– Secure area password (NB! Recommended password is 20 char long, contains a-z A-Z 0-9 ,.#!$* and can not be guessed by dictionary attack.)
wp-admin folder is now secured.

How to secure wp-login.php :

1. DirectAdmin: From menu go to FileManager -> search for WP root folder (folder where WP is installed) , open/create .htaccess from/for that folder.
2. Add to .htaccess before #Wordpress begin# tags the same code You generated for wp-admin folder .htaccess
Sample code:

ErrorDocument 401 "Access Denied" 
ErrorDocument 403 "Access Denied" 

<FilesMatch "wp-login.php"> 
AuthGroupFile /dev/null 
AuthType Basic 
AuthUserFile /home/YOURUSERNAME/domains/YOURDOMAIN/.htpasswd/public_html/wp-admin/.htpasswd 
AuthName "YOURSECUREAREANAME" 
require valid-user 
AuthType Basic 
</FilesMatch> 

<Files admin-ajax.php> 
Order allow,deny 
Allow from all 
Satisfy any 
</Files>

In case of errors:

1. Error 404 or constant “redirect loop”
You have forgot/needed to add following code to WP root folder .htaccess file at the beginning:

ErrorDocument 401 "Access Denied"
ErrorDocument 403 "Access Denied"

 

2. WP index page is asking for password although You secured wp-admin folder only
– Check that You secured certainly only wp-admin folder and not WP root folder
– It is possible that Your WP installation is using some third party plugin that is redirecting via  admin-ajax.php . As that file resides in wp-admin folder – Password and username are being asked. Solution would be to add following lines to WP root folder .htaccess and wp-admin folder .htaccess:

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any 
</Files>

 

Comments are currently closed.

This website utilizes cookies and similar technologies for functionality and other purposes. Your use of this website constitutes your acceptance of cookies.
Ok, got it.