When posting or updating WordPress articles, you log in from the login page of the admin panel. However, the login page URL can be guessed by someone familiar with WordPress. Although you cannot log in without knowing the “username” and “password”, there is a possibility of a brute-force attack (a method where an attacker tries multiple “usernames” and “passwords”) by malicious users, so it is important to implement security measures.
Logging into the WordPress admin panel requires robust security. In this guide, we will explain in detail how to set up basic authentication on the WordPress login page. This method is easy to understand not only for experienced WordPress users but also for beginners and will be useful as practical knowledge.
Basics of Basic Authentication
Basic authentication is one of the security features that requires a username and password when accessing a webpage. Applying this method to your WordPress login page can reduce the risk of unauthorized access.
Prepare .htpasswd file for basic authentication login
First, create the .htpasswd file required for basic authentication. This file contains usernames and hashed passwords (generators often label this step “encrypt”). The password must be stored as a hash generated with a method such as MD5. It’s easy to do using an online htpasswd generator. For example, you can use the following site:
Enter the “username” and “password” and click “Encrypt” to generate an encrypted basic authentication “username” and “password” in the section labeled “Copy & Paste the string to the .htpasswd file”.
Username:EncryptedPassword
Edit the .htaccess file
Next, edit the .htaccess file located in the root directory of your WordPress site. By adding the basic authentication configuration to this file, users will be prompted for authentication when accessing the login page. Add the following code to your .htaccess file.
* Be sure to back up your .htaccess file before editing.
<Files wp-login.php>
# Path to the .htpasswd file created above
AuthUserFile /***Specify the server path***/.htpasswd
AuthGroupFile /dev/null
# Text shown in the browser's authentication prompt
AuthName "Please enter your ID and password"
AuthType Basic
Require valid-user
</Files>
Because the WordPress login page is served by the file “wp-login.php”, the <Files wp-login.php> block applies basic authentication to every request for that file.
Replace “/***Specify the server path***/” with the path on your hosting server where the .htpasswd file is located.
Verify Basic Authentication Operation
After setup, access the WordPress login page (e.g., https://your-site/wp-login.php); a basic authentication prompt appears before the page loads. Enter the “username” and “password” set when creating the .htpasswd file to reach the WordPress login page.
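Besides checking in the browser, the two files can be checked offline. The following is an added example, not code from this article: it reads the <Files wp-login.php> block, flags an AuthUserFile that is still the placeholder or that points inside the document root (Apache's documentation advises keeping the password file out of web-accessible space), and reports which hash scheme each .htpasswd entry uses. The function names, paths, users and hash strings are hypothetical, constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Prefixes Apache recognises in password files; anything else is crypt() or plain text.
SCHEMES = [("$2y$", "bcrypt"), ("$apr1$", "apr1-md5"), ("{SHA}", "sha1-unsalted")]
WEAK = {"sha1-unsalted", "crypt-or-plaintext"}

def htpasswd_schemes(text):
    """Map each user in .htpasswd text to the hash scheme of its entry."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hashed = line.split(":", 1)
        users[user] = next((n for p, n in SCHEMES if hashed.startswith(p)), "crypt-or-plaintext")
    return users

def auth_user_file(htaccess, target="wp-login.php"):
    """Return the AuthUserFile path from the <Files target> block, or None."""
    block = re.search(r'<Files\s+"?%s"?\s*>(.*?)</Files>' % re.escape(target),
                      htaccess, re.S | re.I)
    if not block:
        return None
    found = re.search(r'^\s*AuthUserFile\s+"?([^"\n]+?)"?\s*$', block.group(1), re.M | re.I)
    return found.group(1) if found else None

def audit(htaccess, htpasswd, docroot):
    """Return a list of findings for the wp-login.php Basic authentication setup."""
    findings = []
    path = auth_user_file(htaccess)
    if path is None:
        findings.append("no AuthUserFile inside a <Files wp-login.php> block")
    elif "***" in path or not path.startswith("/"):
        findings.append("AuthUserFile is a placeholder or not an absolute path: " + path)
    elif PurePosixPath(docroot) in PurePosixPath(path).parents:
        findings.append("password file is inside the document root: " + path)
    for user, scheme in htpasswd_schemes(htpasswd).items():
        if scheme in WEAK:
            findings.append("user %r has a %s entry; regenerate it" % (user, scheme))
    return findings

# Constructed sample input (paths, users and hash strings are made up).
SAMPLE_HTACCESS = """<Files wp-login.php>
AuthUserFile /home/example/public_html/.htpasswd
require valid-user
</Files>"""
SAMPLE_HTPASSWD = "editor:$apr1$constructed$notARealHashValue000\nlegacy:{SHA}notARealDigest0000=\n"
print("\n".join(audit(SAMPLE_HTACCESS, SAMPLE_HTPASSWD, "/home/example/public_html")))
```

For the sample it reports the password file inside the document root and the unsalted {SHA} entry; an empty list means none of these checks fired.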
Conclusion
Setting up basic authentication is an effective way to prevent unauthorized access to your WordPress admin panel. Use this article as a reference to strengthen the security of your site.
* If you reuse this content, please do so at your own risk.