Protect WordPress Login Page with HTTP Basic Authentication

First off, Install Apache Utility Tool for .htpasswd credential setup

image

sudo -s apt install apache2-utils -y

Generate Password for a username

htpasswd -c /var/www/.htpasswd gulshan

where username is gulshan, enter the password. Now, you will see output like this

 root@WordPress:~# htpasswd -c /var/www/.htpasswd gulshan
 New password:
 Re-type new password:
 Adding password for user gulshan

Find hashed password

cat /var/www/.htpasswd

Add below rule in NGINX Server Block

Protect WordPress CMS Login Page

location ^~ /wp-login.php {
satisfy any;
# whitelist yourself (optional)
# allow XXX.XX.XXX.XXX; # <-------- Type here Office IP Address
deny all;
 auth_basic           "Restricted Area";
 auth_basic_user_file /var/www/.htpasswd;
 fastcgi_pass unix:/run/php/php7.4-fpm.sock;
 include fastcgi_params;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}

Test Configuration

nginx -t

Reload NGINX Configuration, exit.

service nginx reload && exit

Apache2

If you are an Apache user, use below rule in the .htaccess file

<Files wp-login.php>
AuthUserFile /var/www/.htpasswd
AuthName "Private access"
AuthType Basic
require valid-user
</Files>

Or in the .conf block file, then reload Apache2 server

Thanks for reading!

3 Likes