Protect wp-admin with .htaccess file

WordPress – The most widely used Content Management System (CMS) in today’s internet realm – due to its popularity, is an incredibly attractive target for hackers. The protection of WordPress is very fragile and fragile in the face of attacks. Are you looking for some useful .htaccess tricks for your WordPress site? .htaccess is the most essential file for any website. You can do a lot of things using .htaccess file.

Some useful .htaccess tricks for WordPress that you can try:

1. Protect Your WordPress Admin Area

You can use .htaccess to protect your WordPress admin area by limiting the access to select Ip addresses only. Simply copy and paste this code into your .htaccess file :

Replace xx values with your own Ip address. Each time you want to visit your wp-admin panel  from another location, you would have to add an extra IP address. That is the only downside to this hack, but this will keep your wp-admin folder safe.

2. Ban Suspicious IP Addresses

Are you seeing unusually high requests to your website from a specific IP address? You can easily block those requests by blocking the IP address in your .htaccess file.

Add the following code to your .htaccess file:

Don’t forget to replace xx with the IP address you want to block.

3. Protect .htaccess From Unauthorized Access

As you have seen that there are so many things that can be done using the .htaccess file. Due to the power and control it has on your web server, it is important to protect it from unauthorized access by hackers. Simply add following code to your .htaccess file:

4. Protect Your WordPress Configuration wp-config.php File

Probably the most important file in your WordPress website’s root directory is wp-config.php file. It contants information about your WordPress database and how to connect to it.

To protect your wp-config.php file from unathorized access, simply add this code to your .htaccess file:

5. Password Protect WordPress Admin Folder

If you access your WordPress site from multiple locations including public internet spots, then limiting access to specific IP addresses may not work for you.

You can use .htaccess file to add an additional password protection to your WordPress admin area.

First, you need to generate a .htpasswds file. You can easily create one by using this online generator.

Upload this .htpasswds file outside your publicly accessbile web directory or /public_html/folder. A good path would be :


Next, create a .htaccess file and upload it in /wp-admin/ directory and then add the following codes in there:

Don’t forget to replace AuthUserFile path with the file path of your .htpasswds file and add your own username.

For detailed instructions, see our guide on how to password protect WordPress admin folder.