How to secure the WordPress admin folder
There are various ways to protect your admin folder in WordPress by limiting access in .htaccess. You can do so using plugins but the recommended method is by configuring the .htaccess file manually. When you do it manually, there are various security measures that you can take to prevent different types of hacking attempts.
Limiting Access in .htaccess
You need FTP software to access the files and folders of your website. FileZilla is the best FTP software. Install and open it and then log into your cPanel account. Note that you might see different .htaccess files in other folders or in the root directory. Do not edit those at all. You have to edit only the .htaccess file residing inside the wp-admin folder. Therefore, move inside the wp-admin folder and find the .htaccess file. If you do not have one, create a file named .htaccess. Make sure that you take a backup of the file before editing it.
1. Restricting Admin Access
The first thing you need to do is to stop any computer or device other than your own from accessing your website as the admin. You can achieve this by allowing only your IP address. If you have multiple devices, you can allow the IP address of each one of them. From the security point of view, it is the strictest step you can take, but it also prevents you from accessing your admin panel from anyone else’s computer.
Add the following code below #END WordPress, which is the last line in the .htaccess file. Put your IP address in each allow statement; you can have as many allow statements as you want.
Once you access the file, place the following snippet of code in it.
# Deny access to .htaccess
<Files .htaccess>
Deny from all
</Files>
This will restrict users from accessing your .htaccess file. Simple, isn’t it?
Now that we have secured the .htaccess file, it is time we move on to the others. So let us start with securing the wp-admin folder.
2. Password Protect WordPress Admin Directory
Your WordPress admin area is already protected by your WordPress password. However, adding password protection to your WordPress admin directory adds another layer of security to your website.
First, log in to your WordPress hosting cPanel dashboard and then click on the ‘Password Protect Directories’ or ‘Directory Privacy’ icon.
Next, you will need to select your wp-admin folder, which is normally located inside the /public_html/ directory.
On the next screen, you need to check the box next to the ‘Password protect this directory’ option and provide a name for the protected directory.
After that, click on the save button to set the permissions.
Next, you need to hit the back button and then create a user. You will be asked to provide a username / password and then click on the save button.
Now when someone tries to visit the WordPress admin or wp-admin directory on your website, they will be asked to enter the username and password.
3. Change File Permissions
To protect your admin folder even further, you can change the write permissions on both files to 444.
Do this in your web host’s cPanel account using File Manager, or use FTP.