WordPress Security: Brute Force Attacks

Brute force attacks are not uncommon on the internet, and protecting your WordPress install will help deter such attacks.

Password Protecting wp-login.php

  1. Create a file called ".wpadmin", and place it in your home directory (/home/user/.wpadmin)
  2. Edit .wpadmin and place your username and encrypted password in it, following this format:

Generate A Password


  1. Using the htaccess tools website above, create a username and password.
  2. Log in to cPanel in another tab or window.
  3. Select "File Manager".
  4. Select "Home Directory".
  5. Select "Show Hidden Files (dotfiles)".
  6. Select "Go".
  7. Find your .wpadmin file and edit it. If none exists, create one.
  8. Paste the code provided by the htaccesstools website.
  9. Select "Save Changes".
  10. Select "Close".
  11. Now you must edit the .htaccess file. Find and open it.
  12. Add this code to it:

    ErrorDocument 401 "Unauthorized Access"

    ErrorDocument 403 "Forbidden"

    <FilesMatch "wp-login.php">

    AuthName "Authorized Only"

    AuthType Basic

    AuthUserFile /home/user/.wpadmin

    require valid-user


  • 30 Users Found This Useful
Was this answer helpful?

Related Articles

How to make WordPress show as Secure in Google Chrome

In order to make your WordPress installation show as Secure in Google Chrome, you'll need ensure...

Temporary URLs in WordPress

To use your Temporary URL with a WordPress installation, you will need to edit the Windows Hosts...

WordPress Optimization

Optimizing your scripts can keep your server and website loading quickly for your visitors. These...

Changing the WordPress Directory

You may want to change the location of your WordPress blog after you have installed it. For...

Fixing the Internal Server Error in WordPress

There are a few possible causes of the 500 Internal Server Error. It is not always due to...