Best Web Hosting

Password Protect Your WordPress Login Page - Brute Force Attack Prevention | WP Learning Lab - Best Webhosting

Thanks! Share it with your friends!

URL

You disliked this video. Thanks for the feedback!

Sorry, only registred users can create playlists.
ULTRAFAST, CHEAP, SCALABLE AND RELIABLE! WE STRONGLY RECOMMEND ACCU WEB HOSTING COMPANY
Password Protect Your WordPress Login Page - Brute Force Attack Prevention | WP Learning Lab

Watch Wordpress WPLearningLab Video: Password Protect Your WordPress Login Page - Brute Force Attack Prevention | WP Learning Lab.
Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL
Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist
Password Protect Your WordPress Login Page - Brute Force Attack Prevention | WP Learning Lab

# Password protect the wp-login.php file

ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
(left pointy bracket)FilesMatch "wp-login.php"(right pointy bracket)
AuthName "Authorized Only"
AuthType Basic
AuthUserFile /home/username/.wpadmin
require valid-user
(left pointy bracket)/FilesMatch(right pointy bracket)

# Password protect the wp-login.php file

You doesn't allow the pointy brackets (Shift period and Shift comma) so make sure they match what you see in the video.

http://www.htaccesstools.com/htpasswd-generator/

In this tutorial I'm going to show you how to password protection your WordPress login page. Yes, you read that correctly, you'll have to log in before you can log in.

Why is this a good idea?

When Brute Force Hackers try to guess your username and password they do so in one of two places: the login page or the XMLRPC.php file (learn to protect XMLRPC.php here: https://youtu.be/WiIaz-Ik3tE)

If the hacker can't access the login page then they can't even being to guess your username and password. Of course you want to protect the login.php file with a username and password that doesn't also have an account on your website.

So let's get started.

First things first, we have to create a .wpadmin file in the user folder of your hosting account (this is a level above your website folders).

Then we go to this website, http://www.htaccesstools.com/htpasswd-generator/, to generate the code for the .wpadmin file. Copy and paste the code that you generate into the file and save it.

Following that we put the code from the very top of this description into the .htaccess found in the root of the website folder. Save that file when you're done.

Now when anyone tries to access to the default WordPress login page (wp-login.php) they will be required to enter a username and password first.

After they've successfully entered those details they will be taken to the login page where the can log into the WordPress site.

This is great for WordPress security, hacker proofing and reducing the likelihood of a successful brute force attack.

I hope this information helps you! If you have any questions leave a comment below or ping me @WPLearningLab on Twitter.

--------------

If you want more excellent WordPress information check out our website where we post WordPress tutorials daily.

http://wplearninglab.com/

Connect with us:

WP Learning Lab Channel: http://www.youtube.com/subscription_center?add_user=wplearninglab

Facebook: https://www.facebook.com/wplearninglab

Twitter: https://twitter.com/WPLearningLab

Google Plus: http://google.com/+Wplearninglab

Pinterest: http://www.pinterest.com/wplearninglab/

Published:
Category: Wordpress WPLearningLab
72 Views

Related Videos

RECOMMENDED WEB HOSTING

FASTCOMET

Fastcomet

HOSTGATOR

HOSTGATOR

BLUEHOST

BLUEHOST

SITEGROUND

SITEGROUND

A2 HOSTING

A2 HOSTING

HOSTINGER

HOSTINGER

DREAMHOST

DREAMHOST

ACCU WEBHOSTING

ACCU WEBHOSTING

MILESWEB

MILESWEB

HOSTPAPA

HOSTPAPA
RSS