Skip to main content

Password protecting WordPress Admin URL using cPanel and .htaccess

A step-by-step guide for setting up directory privacy on the wp-admin using cPanel.

Justin Catello avatar
Written by Justin Catello
Updated this week

One of the most effective ways of locking out intruders from potentially gaining access to your WordPress admin area is by introducing a first level login which in most cases completely deters brute force attacks. Within your cPanel, you are able to implement such privacy measures to your individual files. Please follow the steps below to better protect your WordPress site!

Index:

Direct Privacy Method

In this section, we will walk you through how to set up direct privacy through the Direct Privacy option. This method is best for beginners with little coding experience.

  1. Enter cPanel - If you don't know how, you can follow this guide.

  2. In cPanel, look for Directory Privacy under the Files tab.

  3. On the Directory Privacy page, there will be a table with directories. Please select public_html from the list.

  4. Within the public_html folder, you will see a new directories. Of the group, look for wp-admin and click Edit on the right-side.

  5. On the Set Permissions page, you will be able to set up your directory privacy. First, click the box next to Password protect this directory then enter a name for the protected directory. Once finished, click Save.

  6. A green message will appear informing you that your access permissions have been set up correctly.

  7. Back on the Set Permissions page, there will be a new section where you can create a user. Fill out the username and password, then click Save when finished.

  8. A green message will appear informing you that your user and password have been set up correctly.

  9. On the Set Permissions page, you can now see a list of users who are authorized to see the file. If you wish to remove a user, just click on the name and select Delete User.

Now anytime you go to your WordPress admin side you will first be prompted for the username and password you created.

File Manager Method

An alternative method to setting up your directory privacy using the File Manager. Please note that this is a more difficult method of setting it up, so it is not recommended to coding beginners.

  1. Enter cPanel - If you don't know how, you can follow this guide.

  2. In cPanel, look for File Manager under the Files tab.

  3. Within the File Manager, look for public_html then wp-admin and look for .htaccess. (If you do not see the .htaccess file, please go to Settings and click the box next to Show Hidden Files (dotfiles))

  4. Right-click .htaccess and click Edit. A pop-up, will appear, click Edit to proceed.

  5. Within the file, you will input the following: 

    AuthName "Admins Only"
    AuthUserFile /home/user/public_html/yourdomain.com/wp-admin/.htpasswd
    AuthGroupFile /dev/null
    AuthType basic
    require user ausername

    Once you have put the above in the file, click Save Changes.

  6. Back in the File Manager and under wp-admin, add a new file by clicking the + File at the top, then give it the name .htpasswd. Once you typed in the name, click Create New File.

  7. Find .htpasswd and right click the file, then click Edit. A pop-up, will appear, click Edit to proceed.

  8. In the file, you will input your username and password in a form of an HTPasswd. For assistance, you may use this site to generate a HTPasswd for your privacy. Once generated, place the HTPasswd in your file and click Save Changes.

Now anytime you go to your WordPress admin side you will first be prompted for the username and password you created.

Congratulations! You've successfully set up directory privacy.

If you have any questions, please don’t hesitate to contact our team via live chat.

For technical inquiries, please feel free to reach our support team by emailing support@bigscoots.com from your registered email or by submitting a support ticket.

Did this answer your question?