Securing wordpress website with dual protection

Due to recent hacks of wordpress admin. A new debate comes what is the easiest and best possible way to secure a website that is being developed in wordpress. Although wordpress hack is done from passing a unnatural link back to uploading malicious script on the server. With keeping in mind this thing we must need to know the best way to securing a wordpress based site. One of the possible way of securing website is to dual protection of your wordpress admin section because the most recent attack of wordpress is done through admin section hack. Below code snippet will help us to achieve double protection of wordpress admin section. The dual protection contains

i) HTTP based protction (when someone access your wp-login.php file)

ii) Regular authentication of wordpress

HTTP based protection (when someone access your wp-login.php file) Use below code snippet to your .htaccess file


AuthUserFile /var/www/html/.htpasswd
AuthType Basic
AuthName "Website authorization"
Require valid-user

With above code snippet in your .htaacess file. You must need to store a file at the server path /var/www/html (This path can be anything on server) a file .htpasswd below code snippet can be written under .htpasswd file

username:$apr1$zbHD0TWK$Z/3lMobCaAok2LbMoCFgz0

Remember: One entry per line. Note: The hash is typically “UNIX crypt” style with MD5 or SHA1 as common alternatives.

Related posts:

The following two tabs change content below.

Chandra Shekhar

GCP Architect
Chandra Shekhar Pandey is Google certified Cloud engineer, I am Magento2 Trained developer. Having huge experience in designing cloud solution. I have around 12 years of experience with world enterprise IT companies and fortune 500 clients. During my architecture design I am always caring about high availability, fast performance and resilient system. From the programmer background I have huge experience in LAMP stack as well. Throughout my carrier I have worked on Retail, E-Learning, Video... Read More about Chandra Shekhar

Latest posts by Chandra Shekhar (see all)