Securing WordPress Admin in Linux

Note: Managed WordPress accounts do not support the addition of a second password as described in this article.

This article shows you how to add an additional password to your wp-admin folder under WordPress® on Linux shared hosting. A few important things you need before you get started:
  • This article is for advanced users. If these steps are done incorrectly, you could interrupt the connection between the server and database.
  • You need to know what a .htaccess file is and be comfortable editing one.
Why add an additional password?

You can add an extra layer of security by requiring an additional password before users are allowed to access your wp-admin folder. This can prevent attacks that attempt to bypass the WordPress admin login.

Requiring an additional password shouldn't interfere with plugins, themes, and stock WordPress installations.

To Secure WordPress Admin in Linux

  1. Set up password protection on your WordPress installation's wp-admin directory. For more information, see Password Protecting a Directory in Your Shared Hosting Account.
  2. Using your hosting account's editor, open your wp-admin/.htaccess file.
  3. Add this code to the bottom of the file:
    <Files "admin-ajax.php">
      Order allow,deny
      Allow from all
      Satisfy any 
    </Files>

Now, when you visit your WordPress admin login, you are prompted to log in.