In order to prevent “Brute Force Attacks” on your WordPress website, all you need is to password protect WordPress admin directory.

Basic tips on how to password protect your wordpress admin directory

Every WordPress installation has 3 main directories.

  • wp-content: this folder contains themes, plugins, images and uploads folder and files.
  • wp-includes: this directory includes all PHP related files and functions which actually required for running WordPress.
  • wp-admin: this folder is the front end of WordPress dashboard, from here you can manage all of your website settings.

Note: also learn how to disable directory browsing for /wp-content/ and /wp-includes/ folder, so no one can see your website structure and access PHP files.

All of you who use WordPress know that WordPress admin is password protected. However, to make your WordPress more secure, all you need to do is to apply additional security to the WordPress admin directory so that unauthorized users can’t even reach to the login screen and attempt brute force attacks.

Protecting your WordPress Login Screen is not that much difficult, if you are using Hostgator or Blue Host or any other web hosting company which gives you cPanel access.

Password Protect WordPress Admin Directory Using X3 Skin

Login to your web hosting cPanel. Search for the security tab and click password Protect Directories icon.

Once you click on Password Protect Directories Icon, it will show popup asking for directory location. Select option Web Root (public_html/www) and click on go button. Please check below image:

Password protect wordpress directories location

Once the directory list is open search for wp-admin folder under your WordPress installation, check below picture. Next, click on the wp-admin folder.

WP-Admin Directory

Note: if you click on folder icon you will enter in to the folder, while if you click on folder name you will see security settings page.

Click on /wp-admin/ directory and fill up the security settings and choose strong user and password. Check below picture:

password protected directory security settings

Now, try to access wp-admin directory after applying password protect method, you will see a popup asking for user and password authentication.

wp-login screen

Paper Lantern Skin Directory Protect settings

Paper Lantern is the newest (2015) Theme for the cPanel operating web hosting panel. All Web hosting companies may use this skin in their cPanel.

If you are using paper lantern skin you will found it with different name called Directory Privacy.

password protect wordpress directories in paper lantern skin

Note: other settings are same as X3 skin, just a difference of design.

Too many redirects or 404 Error

If you see 404 or too many redirects error on WordPress login page, it is because of your server configuration. In order to fix it, open .htaccess in WordPress admin directory and put the following code at the top of the files.

ErrorDocument 401 default

Congratulations!, Now you have successfully applied double authentication for your WordPress login page or admin section. This method is a perfect alternative instead of limiting users on wp-admin by IP address.

Note: How to resolve font end Ajax Issue

If you successfully applied password protection on your WordPress Admin directory or WP Admin Screen. Then you have to take care of Ajax functionality you are using on the front end. if you are using any plugin which uses ajax functionality on the front end of your WordPress, then please follow the instructions below:

Open the .htaccess file in your /wp-admin/ folder and paste the following code:

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any 


At digital Pixels, we routinely add informative blogs like this, which improve your skill as well as help you to protect and maintain your website better than before, if you found this blog helpful please share it as much as you can, so other people can also get benefits from this article.

Other Useful Articles: