Brute force attacks are not uncommon on the internet, and protecting your WordPress install will help deter such attacks.
Password Protecting wp-login.php
- Create a file called ".wpadmin", and place it in your home directory (/home/user/.wpadmin)
- Edit .wpadmin and place your username and encrypted password in it, following this format:
username:encryptedpassword
Generate A Password
Â
- Using the htaccess tools website above, create a username and password.
- Log in to cPanel in another tab or window.
- Select "File Manager".
- Select "Home Directory".
- Select "Show Hidden Files (dotfiles)".
- Select "Go".
- Find your .wpadmin file and edit it. If none exists, create one.
- Paste the code provided by the htaccesstools website.
- Select "Save Changes".
- Select "Close".
- Now you must edit the .htaccess file. Find and open it.
- Add this code to it:
ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
<FilesMatch "wp-login.php">
AuthName "Authorized Only"
AuthType Basic
AuthUserFile /home/user/.wpadmin
require valid-user
</FilesMatch>
