Beginner's Guide for WordPress / Start your WordPress Blog in minutes

How to Password Protect Your WordPress Admin (wp-admin) Directory

Do you want to learn how to password protect your WordPress admin directory?

Adding another layer of password protection to your WordPress admin directory can be a great way to improve your WordPress security.

In this article, you’ll learn how you can password protect your wp-admin directory easily.

How to password protect your WordPress admin (wp-admin) directory

Why Password Protect Your WordPress Admin Directory?

By password protecting your WordPress admin directory, you improve the security of the most important entry point to your website.

Your WordPress admin dashboard is the central hub of your WordPress website. It’s where you’ll publish posts and pages, customize your theme, install WordPress plugins, and more.

Often, when hackers try to get into your website, they’ll do it through the wp-admin screen. You can help to protect your website against potential attacks by using a secure password and limiting login attempts. Password protecting your admin directory is a smart way to add another layer of password protection to your website.

With that said, let’s take a look at how you can password protect your WordPress admin directory step by step. Simply use the quick links below to jump straight to the method you want to use.

Method 1: Password Protect Your WordPress Admin Directory in Your Web Hosting Dashboard

The easiest way to password protect your WordPress admin directory is by going through your WordPress hosting file manager app.

Note: Most web hosts using cPanel, like Bluehost, will have similar steps. However, your dashboard might be slightly different from our screenshots depending on your hosting provider.

First you need to log in to your hosting account dashboard and click on the ‘Directory Privacy’ option in the ‘Files’ section.

Click directory privacy

This brings you to a screen that lists all of the different directories on your server. You need to find the folder that’s for your website.

For most website owners, this can be found by clicking on the ‘public_html’ folder.

Click public_html

This brings up all of the website files you’ve installed on your server.

Next you’ll need to click on the folder with your website’s domain name.

Click domain name folder

In that folder, you’ll see a ‘wp-admin’ folder.

Instead of clicking the folder name, you’ll need to click the ‘Edit’ button next to that folder.

Click edit wp-admin folder

This brings you to a screen where you can turn on password protection.

Simply check the box that says ‘Password protect this directory’, and give your directory a name to help you remember.

Check password protect directory box

Then click the ‘Save’ button.

This will take you to a page where the confirmation message will appear.

Confirmation message click back button

After that, click the ‘Go Back’ button and you’ll be taken to a screen where you can create a user that will be able to access this directory.

You need to enter a username, password, and then confirm the password.

Make sure to note your username and password in a safe place, such as a password manager app.

Enter username and password

Then, make sure you click the ‘Save’ button.

Now, when you log in to your site, you’ll be prompted to enter the username and password you created above.

Password protect WordPress admin example

Method 2: Password Protect Your WordPress Admin Directory by Adding Code to WordPress Files

You can also password protect your WordPress admin directory manually. To do this you’ll need to create a .htpasswd file and a new .htaccess file.

First, open up your preferred text editor and name the new file .htaccess.

After that, you need to copy the following code snippet and add it to the file.

AuthName "Admins Only"
AuthUserFile /home/user/public_html/
AuthGroupFile /dev/null
AuthType basic
require user yourusername

You need to change the ‘AuthUserFile’ path to the location where you’ll upload the .htpasswd file and change ‘yourusername’ to the username you want to use to login.

Then, you need to connect to your WordPress hosting account with an FTP client. For more details, see our beginner’s guide on how to use FTP to upload files to WordPress.

After that, go to the ‘wp-admin’ directory for the site you want to protect and upload the file.

FTP wp-admin directory

Once you’ve done that, you need to create a .htpasswd file.

To do this, open up a text editor and create a file called .htpasswd. This file will list your username along with your password in an encrypted format.

The easiest way to generate an .htpasswd file is to use a htpasswd generator.

Simply enter your username, password, select the encryption format, and click the ‘Create .htpasswd file’ button.

Create htpasswd file

Then, you need to copy the text and paste it into your .htpasswd file.

Finally, you need to save and upload the file to the file path that you specified in your .htaccess file above.

Now your ‘wp-admin’ directory will be password protected.

Troubleshooting WordPress Admin Password Protection

Depending on how your server and website are set up, there’s a chance you might run into errors.

One of the most common errors is Ajax functionality not working on the front end of your site. If you have WordPress plugins that require Ajax, such as live Ajax search or Ajax contact forms, then these plugins won’t work anymore.

To fix this, simply add the following code to the .htaccess file that’s located in your ‘wp-admin’ folder.

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any 

Another error you might run into is a 404 error or too many redirects error.

The simplest way to fix this is to open up your main .htaccess file located in your website directory and add the following line of code before the WordPress rules.

ErrorDocument 401 default

Note: This is the .htaccess file located in your main website folder, not the one we uploaded to the ‘wp-admin’ folder. If you’re having trouble finding it, then see our guide on why you can’t find .htaccess and how to locate it.

We hope this article helped you learn how to password protect your WordPress admin (wp-admin) directory. You may also want to see our expert picks of the best email marketing services for small businesses and our guide on how to get a free email domain.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit – a collection of WordPress related products and resources that every professional should have!

Reader Interactions

194 CommentsLeave a Reply

  1. What if someone accesses our WordPress admin directory by entering instead of This method only protects wp-admin and not protects wp-login.php. So how it is useful?

    • We’ll see if we can add a method for that type of server when we update this article :)


  2. The first method through cPanel worked like a charm. However, when I logout again from WP and login again it doesn’t ask again for the directory password. Is it meant to ask only once?

    • Your cookies/cache will remember the login information. Normally the next time you start up your computer it will require you to log in again.


  3. The “Password Protect Directories” is not on my cPanel under “securitiy”, so I tried the manual way, but it doesn’t seem to work as it doesn’t ask for login when I open wp-admin…

    • If you reach out to your hosting provider they should be able to assist and take a look if there’s any reason it wouldn’t be working.


  4. Thanks for your efforts!
    I used cpanel method it works fine but the problem is that the password prompt appearing on every page of my website!

    What i have to do so that it appear only at wp-admin page?

    • It sounds like you may have password protected your public_html folder instead of the wp-admin folder. You would want to remove the current protection and attempt to set it up again


Leave a Reply to Izzy Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.