Can the /wp-admin directory in WordPress be password protected to prevent hacking?
 by Kristi Hagen

Can the /wp-admin directory in WordPress be password protected to prevent hacking?

  • Are you or your dev people in the habit of password protecting the /wp-admin directory on WordPress sites using a .htpasswds or similar?

    I've just had a client site hacked for the second time in 6 months, and I'm wondering about using this security trick. Does this lock Google out of anything important?

Answer:

We don't normally password protect the wp-admin page but in some cases we have moved the login page to avoid this issue by using /wpaccess (or some other non-standard URL) instead of wp-admin. You could also restrict that directory based on IP address.

WordPress, by default, allows access to that URL specifically. Seems there are some requests for /wp-admin/admin-ajax.php that might create some rendering issues depending on the theme/setups. You probably could just allow access to that file and nothing else in /wp-admin/ based on IP.

Fyi, we do often use Securi and/or Wordfence.SEN article end

...

TO READ THE FULL ARTICLE

SearchEngineNews.com Logo

Continue reading your article with a $1 Trial SEN Membership

VIEW MEMBERSHIP OPTIONS