htaccess protect - Protect your wordpress login or admin pages with password.
Using the password protection will give you extra security layer of protection from brute force hacking attacks. Additionally, it’s also an easy way to password protect your entire site, without needing to create separate WordPress users for each visitor.
When you enable the password protection, the user won’t be able to see anything – not even see the protected page – until he/she inserts the username/password. You can password protect the whole website, including the administrator pages; you can password protect the administrator pages; or you can password protect the WordPress login page.
The plugin options include:
This plugin is originally was based on .htaccess Site Access Control. That plugin was working fine but it was abandoned for years and not compatible with the latest WordPress. Most part of the plugin were refactored and translated.
/wp-content/plugins/zotya-htaccess-protect
directory, or install the plugin through the WordPress plugins screen directlySettings -> htaccess protect
screenYou can choose between the following options:
1. Enabling/disabling the password protection to wp-login.php, WordPress admin pages, and/or the whole site.
2. Modifying the existing users: you can change any .htaccess user’s password and remove the users.
3. Adding a new .htaccess user.
Note that you have to have at least one user to be able to enable any of the options: otherwise you would be locked out!
Since the plugin is protecting your site via modifying .htaccess and .htpasswd files, it works only if these files are writable by WordPress. If the files don’t exist, you can just create empty writable files to the location brought out in the plugin’s warning. You can also see from there which files are already writable and which not.
For accessing your site again, you have to modify two files:
1. .htaccess file in your WordPress root directory (the directory where the file wp-config.php is located);
2. .htaccess file in your WordPress wp-admin folder
From both files, delete everything BETWEEN these two lines:
IMPORTANT: Before modifying either of the files, make a copy of them!
For accessing the files, either use FTP or log in to your web hosting service provider, usually they also enable direct file modification.