In a cPanel server, we can simply create password protected directories via the control panel (Home >> Security >> Password Protect Directories). If we enable this feature, the system will prompt all users accessing that particular directory with a username and password window. This provides a second layer of protection to our account on the internet. Now let's see, how we can protect the WordPress login page from Brute Force Attack!
Creating “.htpasswd” file
To do password protection first you need to create a .htpasswd file to store the secret authentication details. There are different options available to create this. In a cPanel server, we can create it from the control panel itself. Otherwise, you can create this from this online tool >> HTPASSWD GENERATOR . Then upload the file to your home directory, a best location should be in "/home/user/.htpasswds/public_html/test/wp-admin/".
File name :: /home/user/.htpasswds/public_html/test/wp-admin/passwd
Then place the code in the WordPress installation directory.
Append the code pasted below into the .htaccess file under WP installation directory.
# copy this code to .htaccess, ucartz.com # To prevent loops ErrorDocument 401 default # Protect wp-login <Files wp-login.php> AuthUserFile /home/user/.htpasswds/public_html/test/wp-admin/passwd AuthName "Private access" AuthType Basic require valid-user </Files>
NB: "ErrorDocument 401 default" this line will help you to avoid redirection error.
That’s it!