Can the /wp-admin directory in WordPress be password protected to prevent hacking?
Can the /wp-admin directory in WordPress be password protected to prevent hacking?
-
Are you or your dev people in the habit of password protecting the /wp-admin directory on WordPress sites using a .htpasswds or similar?
I've just had a client site hacked for the second time in 6 months, and I'm wondering about using this security trick. Does this lock Google out of anything important?
Answer:
We don't normally password protect the wp-admin page but in some cases we have moved the login page to avoid this issue by using /wpaccess (or some other non-standard URL) instead of wp-admin. You could also restrict that directory based on IP address.
WordPress, by default, allows access to that URL specifically. Seems there are some requests for /wp-admin/admin-ajax.php that might create some rendering issues depending on the theme/setups. You probably could just allow access to that file and nothing else in /wp-admin/ based on IP.
...
