To keep things simple, we’ll only discuss cPanel web hosting companies because cPanel offers a user-friendly interface for creating password-protected directories.
Log into your cPanel account. Scroll to the bottom of the page until you reach the Security Tab. Select the “Password Protect Directories” icon from the drop-down menu.
A lightbox popup will appear when you click that, asking for the directory location. Simply click on the web root. Navigate to the folder where your WordPress is housed once you’ve arrived. Then go to the /wp-admin/ folder and click on it. To password-protect the directory, simply check the box. Then, for the directory, create a user. That is all.
Make a .htpasswds file first. Using this generator, you may do so quickly. This file should be placed outside of your /public html/ directory. The following is an ideal path to follow:
Then, under the /wp-admin/ directory, create a .htaccess file and upload it. Then paste in the following codes:
AuthName "Admins Only" AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd AuthGroupFile /dev/null AuthType basic require user putyourusernamehere
I’m getting a 404 or Too Many Redirects issue
Well, depending on how your server is set up, this could happen. To fix this issue, open your main WordPress .htaccess file and add the following code before the WordPress rules start:
ErrorDocument 401 default
That’s all. Your WordPress admin area now has double authentication. This is a decent alternative to restricting access to wp-admin by IP address.
How to Resolve the Admin Ajax Problem
The Ajax feature in the front-end will be broken if you password lock your WordPress Admin directory (if it is being used).
Open the .htaccess file in your /wp-admin/ directory (This is NOT the main .htaccess file that we edited above).
Paste the following code into the wp-admin .htaccess file:
<Files admin-ajax.php> Order allow,deny Allow from all Satisfy any </Files>