How to Add Password to WordPress Admin (wp-admin) Directory via cPanel?

WordPress admin area must be protected because this is where most of the flaws and unauthorized users are reported to be located. The first method that you can attempt to enhance the security of your WordPress website is to use cPanel combined with putting a password to the directory of WordPress admin.

This knowledge base will lead you through the various steps that will enable you to implement this security precaution.

Why Secure the WordPress Admin Directory?

Another directory of your WordPress site is the backend, which is open to administrators and users with higher privileges, such as wp-admin. It contains important information and elements that are improper to modify or steal since they lead to data leaks, alteration of illegal content, and even an entire website hijack. The incorporation of another line of defence, like a password, may significantly reduce the above security issues.

Prerequisites

First, ensure you have the following:

1. Access to cPanel

2. WordPress Installed

Step-by-Step Guide to Add Password to WordPress Admin Directory

Follow these steps to add a password to the wp-admin directory using cPanel:

Step 1: Access cPanel

1. Log in to cPanel

2. Navigate to File Manager: Look for the "File Manager" icon or link within the cPanel dashboard. Click on it to open File Manager.

Step 2: Locate the wp-admin Directory

1. Navigate to Your WordPress Installation: In File Manager, locate the directory where your WordPress site is installed. This is typically found under the public_html directory or a directory named after your domain.

2. Access wp-admin: Open the wp-admin directory. This is where WordPress backend files, including administrative scripts and settings, are stored.

Step 3: Create .htpasswd File

1. Create a New File: Inside the wp-admin directory, click on the "+ File" or "New File" button in the File Manager toolbar.

2. Name the File: Name the file .htpasswd (note the leading dot). This file will store usernames and encrypted passwords for authentication.

3. Edit the File: Right-click on the newly created .htpasswd file and select "Edit" or "Code Edit". This opens a text editor.

Add User Credentials: Enter the username followed by a colon (:) and the encrypted password. The password must be encrypted using the htpasswd utility or an online tool. For example, if your username is admin, and the password secure password, the entry in .htpasswd should look like this:
swift
Copy code
admin:$apr1$randomstring$encryptedpasswordhash

Replace the encrypted password hash with the actual encrypted password hash.

4. Save the File: Once done, save the changes and close the text editor.

Step 4: Modify .htaccess File

1. Access .htaccess File: In File Manager, locate and right-click on the .htaccess file within the wp-admin directory. Select "Edit" or "Code Edit".

Add Authentication Configuration: Insert the following lines at the top of your .htaccess file:
apache
Copy code
AuthType Basic

AuthName "Restricted Area"

AuthUserFile /path/to/your/wp-admin/.htpasswd

Require valid-user

2. Replace /path/to/your/wp-admin/ with the actual server path to your wp-admin directory.

3. Save the Changes: Save the .htaccess file after adding the authentication configuration.

Step 5: Test the Password Protection

1. Access wp-admin: Open a new browser tab and navigate to https://yourdomain.com/wp-admin

2. Enter Credentials: Enter the credentials you added to the .htpasswd file.

3. Verify Access: After entering valid credentials, you should be able to access the WordPress admin dashboard.

Additional Tips for Security

- Employ Robust Passwords: The password you enter for the.htpasswd file should be robust and difficult to decipher.

- Update Passwords Frequently: In order to keep security, change passwords on a regular basis.

- Observe the Access Logs: Watch the cPanel access logs for any attempts at illegal access.

- Backup Files: Before making any changes, it's usually a good idea to make a backup of your.htaccess and.htpasswd files.

Conclusion

Adding a password on the WordPress admin directory through cPanel helps your website to have an additional layer of security. Thus, the steps described in this article will help you protect the wp-admin area against potential threats and unlawful intrusion into the administration section. Ensure that your WordPress site has a security check and make adjustments periodically to ensure it has not become insecure.