Connect with us

How to password protect the wp-admin directory from WordPress?


How to password protect the wp-admin directory from WordPress?

Password protecting your wp-admin directory is one of the  recommended security measures to harden security-leaking WordPress websites.

It is a very simple effective security measure but it also has potential to disrupt the rendering of the WordPress site because the security-mind-seriously-lacking developers (kind of reminding us the well-known company whose software indirectly created the billion dollar anti-virus industry) have insisted on calling some functions for regular visitors from wp-admin directory, which should be reserved strictly for admin.

One of the current issues is the calling of farbtastic.css from wp-admin/css directory: /wp-admin/css/farbtastic.css.

If you have password-protected wp-admin directory, your visitors will be shown a forbidden sign when this file is called.

To solve this problem, you will need to whitelist this particular file or all .css files, just in case the developers add another calling to the wp-admin/css directory.

The modified .htaccess file in wp-admin directory looks like this

AuthName “protected”
AuthType Basic
<Limit GET POST>
order deny,allow
deny from all
allow from

#whitelisting wp-admin files
<Files “*.css” >
Order allow,deny
Allow from all
Satisfy any

The example assumes your static IP is If your IP address is assigned dynamically by your ISP, you may use “192.168.100.” to cover possible IP changes. If you find yourself locked out due to IP change, find your new IP, and change the old or add the new IP into .htaccess file.

Whitelisting will ensure any web-browser calling by regular visitors for any css files from wp-admin will be honored, not denied.

Be sure to check your log file to spot any denied calling to wp-admin directory and add them to the whitelist accordingly.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in solution

    About Me:

    Szabi Kisded

    Hey there, I'm Szabi. At 30 years old, I quit my IT job and started my own business and became a full time WordPress plugin developer, blogger and stay-at-home dad. Here I'm documenting my journey earning an online (semi)passive income. Read more

    Sign up for my newsletter and get the YouTube Caption Scraper WordPress plugin for free
    (worth 29$)!

    All My Plugins In A Bundle:

    My AutoBlogging Plugins:

    My Online Courses:

    A Theme I Recommend:

    Featured Posts:

    To Top