Explanation of wp-login.php file protection


I wrote this explanation because of the many attempts by some hackers to log in to my blog, may God guide them. I do not know exactly what they want. The important thing is that I installed the login lockdown add-on, but every time I had to empty the IP table containing the list of IP addresses that are prohibited from logging in, and this is cumbersome, although I found a package of banned addresses in general. I searched a little for a way to prevent access to the wp-login.php file until I found an explanation on one of the sites. Let’s get to the point, so as not to bore you.

I found the solution on krystal.co.uk and also used pictures of it with some modifications 🙂

This is the only way I found after a simple search. Most of the ways talk about protecting the wp-admin folder. The best way, in my opinion, is to protect the wp-login.php file and also add login lockdown, because it will make the hacker make an effort that can insult you 🙂. The hacker must bypass the firewall, and if he obtains the password, he will find himself required to log in again, and if that does not work, he will be banned by the login lockdown add-on, and in this case we are done with the inconvenience.

Now let’s move on to the explanation; it only needs some steps.

Create a passwd file

The first thing we do is go to the tool on the askapache site to create the username and password that we will use when trying to log in via wp-login.php. The password and username must be different from those used to log in to WordPress. Also, do not forget to save them on your computer, since you may not remember them.

After entering the site, you will find the tool as follows:

generate password - WordPress Magazine

Explanation according to the numbering in the picture

  1. Type the name that you will use, for example, as root, or any other name, provided that the letters are in Latin
  2. Type any password other than the one you used to log in to the blog
  3. Write anything or leave it as is
  4. Leave this place empty

Do not forget to choose MD5 as the encryption type and Basic as the authentication scheme (Authentication Scheme). After that, click Generate HTPASSWD to get the username with the encrypted password. See the following image:


After that, we log in to cPanel and go to the location of the files, then go back to the main folder of your account (not the blog folder) and create a .passwd file. See the following image:

cpanel-home-user-path

As shown in the image above, after creating the file, all you have to do now is copy the username and the encrypted password that you produced with the previous tool, paste them into the file, and save the changes. Now we move on to the next step.

Add htaccess code

Now we go to the main site folder, or the folder in which you put the WordPress files, and modify the .htaccess file. If you do not find it, create a new file named .htaccess and then add the following code to it with some modifications:

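# Require HTTP Basic authentication for requests to wp-login.php
<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Authorized Only"
# Path to the .passwd file created earlier, outside the blog folder
AuthUserFile /home/username/.passwd
Require valid-user
</FilesMatch>
# Serve Apache's built-in 401 response instead of a custom error document
ErrorDocument 401 default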

Replace username in the AuthUserFile path with your own cPanel username. After changing it, save the settings and try logging in to the WordPress control panel.
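As an added example (not from the original post or from krystal.co.uk), this Python check reads the two files from the steps above and reports the usual mistakes: an incomplete auth block, a password file placed inside the web root, an entry that is not hashed, and a username shared with WordPress. The `public_html` web root, the names `gatekeeper` and `admin`, and the sample hash are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the page's .htaccess block ("username" is the page's placeholder).
SAMPLE_HTACCESS = """<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Authorized Only"
AuthUserFile /home/username/.passwd
Require valid-user
</FilesMatch>
ErrorDocument 401 default
"""
# Constructed .passwd line; salt and hash are made-up filler, not a real credential.
SAMPLE_PASSWD = "gatekeeper:$apr1$Xy12ab34$0123456789abcdefghijkl\n"

# htpasswd's MD5 mode writes $apr1$salt$hash; its bcrypt mode writes $2y$cost$...
HASHED = re.compile(
    r"^\$(apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}|2y\$\d\d\$[./0-9A-Za-z]{53})$")

def audit(htaccess, passwd, docroot, wp_users=()):
    """Return a list of findings; an empty list means the setup matches the steps."""
    findings = []
    block = re.search(r"<Files(?:Match)?\s[^>]*wp-login[^>]*>(.*?)</Files(?:Match)?>",
                      htaccess, re.S | re.I)
    if not block:
        return ["no <Files>/<FilesMatch> block covers wp-login.php"]
    conf = {}
    for line in block.group(1).splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip().strip('"')
    if conf.get("authtype", "").lower() != "basic":
        findings.append("AuthType is not Basic")
    if conf.get("require", "").lower() != "valid-user":
        findings.append("Require valid-user is missing")
    userfile = conf.get("authuserfile", "")
    if not userfile.startswith("/"):
        findings.append("AuthUserFile is missing or not an absolute path")
    elif PurePosixPath(docroot) in PurePosixPath(userfile).parents:
        # Stock Apache configs deny .ht* files only; ".passwd" is not covered by that rule.
        findings.append("password file is inside the web root and may be downloadable")
    for entry in filter(None, (ln.strip() for ln in passwd.splitlines())):
        user, sep, secret = entry.partition(":")
        if not sep or not HASHED.match(secret):
            findings.append(f"entry for {user!r} is not an apr1/bcrypt hash")
        if user in wp_users:
            findings.append(f"{user!r} is also a WordPress login name")
    return findings
```

Call `audit()` with the text of your own `.htaccess` and `.passwd`, the web root path of the account, and the list of WordPress usernames.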

Do not forget to change home as well; in some cases it is home1 or home2. If the method does not work for you, remove the code from .htaccess and contact the hosting provider's technical support about it. The best way is

Here we are, may God help you, and may God’s peace, mercy and blessings be upon you
