How to Password Protect Login Page with HTTP Authentication?



HTTP Authentication Password Protect Login Page: There are 60 million WordPress websites, which makes it the world’s most common website construction tool. But this success brings a price. Each single minute of the day, some 90,978 hack attempts are made on the WordPress platform. Although there are different tactics used by hackers to break into a website, a very common and commonly used attack is called a brute force attack. Hackers software bots to try to guess your password correctly in passwords in this form of attacks, which is why you need to encrypt your WordPress login page.

We addressed coming up with a specific username and implementing a secure password in a previous article about login security. It’s an easy way to keep hacker bots out of the web, but there is no absolute assurance that a site can stay stable when it comes to encryption. The internet has never been a particularly secure location, and no protection at all is ever adequate. Therefore, it’s nice for your site to have several layers of security. Although it is necessary to have a specific username and password, locking the login page is also a major move towards security. One way to do it is to encrypt the user page with HTTP authentication by password. We will teach you how you can do it in this article.

What is HTTP Authentication?

HTTP Authentication or HTTP Simple Authentication (BA) is a stringent login page access enforcement technique. Think of a website as a home, to draw a clear parallel. The login page is the main entrance. People can attempt to break into the building, so you need to have a strong lock in place. Beyond the main entrance, there is a fence that gives the house extra security. The lock stands for login credentials. HTTP Security provides the house with a layer of extra security in a related way. This suggests that someone who wants to access the login page must first access the HTTP authentication (the fence) and the login credentials first (main gate).

How to Password Protect Login Page With HTTP Authentication

The first thing you need to do to encrypt your WordPress account with HTTP authentication is to create a file with .htpasswd. And then you will need to alert your website’s .htaccess file about the position of the .htpasswd file. And it will shut the login page down.

How to Create a .htpasswd File?

You can store the usernames and passwords of users you wish to view on the login page in this special file. It’s literally like getting a door to the fence around your building. You can only offer the gate keys to people who would like to have access to your site. Let’s figure out how you can create a file called .htpasswd.

You need to use the .htpasswd command line tool to create a new .htpasswd file. Online, there are many applications available. When you select one that you would like to use, open it and write the following code on the command line:

htpasswd -c .htpasswd harini

C stands for build on this command line, and harini is the user name that we select. When you press enter, after typing this code out, you will be asked to create a password that will be exclusive to this username. Don’t worry; it’ll encrypt your email.


But if you already have a .htpasswd file, then inserting a new username and password is all you need to do. By writing down the following command line, you may do this:

htpasswd .htpasswd rahul

Note how we haven’t used -c here because a new file isn’t being developed.

htpasswd-02A .htpasswd file will normally look like this: username:encrypted password. Then if harini is the username and dummy123pass is the password, the .htaccess file will be: harini:$apr1$50r17zis$lNbFJs4rQFfkp4ToO2/ZS/ToO2/ZS/

The password was encrypted. This .htaccess file is effectively the credentials for HTTP Simple Authentication.

If you don’t want to use a tool, or don’t know how, you can use a generator with .htpasswd. Open this connection and you should be able to see a picture-like window below.

protect-loginpage-HTPasswd-GeneratorType the username of your choosing and the password. To create a random password, there is also an alternative. Hit the button that says Create .htpasswd file until it’s done. You need to be able to display the performance.

Modifying the file with .htaccess

One of the WordPress site’s most critical files is the .htaccess file. For your .htaccess file, there are two things we’ll do. One, we’re going to tell it what it wants to limit, and two, we’re going to tell it where it should get the credentials for HTTP Simple Authentication that we just generated in the above steps.

In the public html folder, .htaccess is stored. You will have to visit your web host account in order to use it. Sign in and go to a website called cPanel on your web host. There, you should be able to find a File Manager option. Click that, and a page will open, and you should be able to access the file on that page.

htaccessIn the public html archive, .htaccess is often concealed and does not appear. What you need to do when that’s the case is go back to cPanel and press File Manager. There will be a popup where you will need to pick ‘Display Secret Files.’

htaccess-hiddenNext, you need to download and then open the file to add the following line code:

<Files wp-login.php>

AuthUserFile /path/to/.htpasswd

AuthName “Private access”

AuthType Basic

require valid-user


When adding this code, you need to bear in mind a few things: AuthUserFile /path/to/.htpasswd-is the path to the .htpasswd file that you just made. Ensure that the route is right. The word ‘valid-user’ informs the device that any user with access to the login page has been listed in the .htpasswd file. But if you want to be careful on who you give access to, you can only list the usernames instead of using ‘valid-user’.

Save it and upload it to the same location from where you downloaded it when you are finished. Which it is. You can see a tiny window appear asking you for specific login credentials the next time you attempt to enter the login tab.

We recommend that you also introduce two-factor authentication in addition to HTTPS authentication, which will add another layer of encryption to your login page for WordPress.

Take a few more security measures, such as switching the website from HTTP to HTTPS, adding a security plugin, securing the login tab, etc. Although it is a smart thing to encrypt your login page, there are other ways in which hackers can obtain access to your website. By following our guide on Full WordPress Protection, we highly recommend that you take a more systematic approach to security.