In this post, I will tell you how to lock down and password protect your WordPress website from invalid login attempts. We can do this by limiting access to the /wp-admin directory and the wp-login.php script.
Password protect WordPress logins:
Using the steps below, you can create password protection for your /wp-admin directory. We'll also copy those rules over to protect your wp-login.php script.
Step 1: Log in to your hosting cPanel. Under the Security section, click on Password Protect Directories.
Step 2: Select the Document Root for your domain, then click Go.
Step 3: Click on your wp-admin directory.
Step 4: Check Password protect this directory, give it a name, then click Save.
Step 5: Then click on Go Back.
Step 6: Click on Password Generator. Click on Generate Password a few times, and copy your password. Check I have copied this password in a safe place. Then click Use Password.
Step 7: Now type in a Username, then click on Add/modify authorized user.
Step 8: Try to access your /wp-admin directory. Your browser will prompt you for the username/password you just created. Type them in, and click Log In.
Step 9: Your normal WordPress admin login page should now display.
Step 10: Now go back to cPanel. Under the Files section, click on File Manager. Select the Document Root for your domain. Check Show Hidden Files (dotfiles), then click Go.
Step 11: Go to the location below, then right-click the file and click Edit:
public_html/wp-admin/.htaccess
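Step 12: Copy all the code in the .htaccess file. While you still have the /wp-admin/.htaccess file open, also add the ErrorDocument lines and the admin-ajax.php block to the rules cPanel generated, so that the file reads as follows. The Order, Allow and Satisfy lines must stay inside the <Files admin-ajax.php> block; outside it, Satisfy any would apply to the whole directory and turn the password prompt off.
ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"
# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user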
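Step 13: Edit the .htaccess file under public_html. Now paste the code below, with the authentication lines in between <Files> tags so that they apply only to wp-login.php:
ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"
# Ask for the same username/password before wp-login.php is served
<Files "wp-login.php">
    AuthType Basic
    AuthName "Secure Area"
    AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
    require valid-user
</Files>
and then click SAVE.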
Step 15: Now if someone tries to log in directly via wp-login.php, they will be prompted for a valid user as well.
Step 16: When a user enters invalid credentials, they will get an Authorization Required error. They will then not be able to attempt to log in to your WordPress admin directly.
This article will help you protect your WordPress admin login from unauthorized login attempts.
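A check for the /wp-admin/.htaccess file from Step 12, added here as an example and not part of the original article: it flags a "Satisfy any" that has ended up outside a <Files> section, which would switch the password prompt off for the whole directory. The helper name audit_htaccess and both sample files are constructed for illustration.

```python
import re

# Constructed sample: the /wp-admin rules with the <Files> wrapper lost,
# so the admin-ajax.php exception applies to the whole directory.
BROKEN = """\
ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"
Order allow,deny
Allow from all
Satisfy any
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user
"""
# Same rules with the exception scoped to admin-ajax.php only.
FIXED = (BROKEN.replace("Order allow,deny", "<Files admin-ajax.php>\nOrder allow,deny")
               .replace("Satisfy any", "Satisfy any\n</Files>"))

SECTION = re.compile(r'<(/?)(?:Files|FilesMatch)\b\s*"?([^">]*)"?\s*>', re.I)
AUTH = {"authtype", "authname", "authuserfile", "require"}

def audit_htaccess(text):
    """Return a list of findings for a Basic-auth .htaccess (hypothetical helper)."""
    findings, scope, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION.match(line)
        if m:
            if not m.group(1):
                scope.append(m.group(2))      # entering <Files ...>
            elif scope:
                scope.pop()                   # leaving it
            else:
                findings.append(f"line {n}: closing tag without an opening one")
            continue
        parts = line.split(None, 1) + [""]
        directive, arg = parts[0].lower(), parts[1].strip().lower()
        if directive == "satisfy" and arg == "any" and not scope:
            findings.append(f"line {n}: 'Satisfy any' outside <Files> lifts the password prompt")
        if directive in AUTH:
            seen.add(directive)
    if scope:
        findings.append(f"unclosed <Files> section for {scope[-1]}")
    if AUTH - seen:
        findings.append("missing: " + ", ".join(sorted(AUTH - seen)))
    return findings

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_htaccess(text) or "ok")
```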