The Apache web server has a built-in mechanism that allows you to assign a required password for a folder, which is separate from your WordPress password.

Quick Blog Security Tips

Security is important enough that I felt it necessary to include some extra tips here. This is by no means a complete list, but you should look into them anyway.

- Make sure you are running the latest version of WordPress and all your plugins.
- You should consider subscribing to BlogSecurity.net, a blog that attempts to cover security news about blogging platforms.
- Make sure that your file permissions are set correctly according to the WordPress guidelines.
- Make sure you are using tough passwords for all accounts.
- Make sure that you are backing up your entire WordPress installation and database.
- Lock down your administration folder with .htaccess rules (covered here).

Assigning a Password to wp-admin Directory Manually

Create a file named .htaccess in your wp-admin directory, and add the following contents:

You’ll need to adjust the AuthUserFile line to use the full path to the .htpasswd file we’ll create in the next step. You can find the full path by using the pwd command from the shell prompt.

Next you’ll need to use the htpasswd command line utility to create the password file. I would also advise that you use a different user account and password than you use for your WordPress installation.

You’ll want to make sure you are in the directory specified by AuthUserFile, and change “myusername” to something unique for your site. This will create a file with contents similar to the following:

At this point you should be prompted for a password when you navigate to your WordPress administration panel. You’ll notice that “Restricted Area” is the text from the .htaccess file, which could be changed to anything else.

If you get a server error instead, you should probably remove the .htaccess file and start over.

Lastly, you should make sure that you remove write permissions to both files with the chmod command as one more layer of security.

chmod 444 .htpasswd

.htaccess Password File Generator

There’s a great tool from Dynamicdrive that will do all the hard work of creating the file for you. This is especially useful if you don’t have shell access to your server, because you can just upload the files via your FTP/SFTP client.

http://tools.dynamicdrive.com/password/

You should still make sure that you remove write access once the files are uploaded.
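
The manual steps above, plus a check you can run after either the manual or the generator route, sketched as a shell script. This is an added example, not code from the original article: the function names are hypothetical, it assumes the .htpasswd file lives in the protected directory itself, and the AuthType and Require lines are the standard Apache Basic-auth directives filled in as an assumption.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes .htpasswd sits in
# the protected directory; AuthType/Require are standard Apache directives.

# write_htaccess DIR: write DIR/.htaccess with AuthUserFile as a full path.
write_htaccess() {
    dir=$(cd "$1" && pwd) || return 1   # full path, as pwd would print it
    cat > "$dir/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted Area"
AuthUserFile $dir/.htpasswd
Require valid-user
EOF
}

# The password file is then created interactively from inside that directory:
#   htpasswd -c .htpasswd myusername

# lock_files DIR: remove write permission from both files.
lock_files() {
    chmod 444 "$1/.htaccess" "$1/.htpasswd"
}

# check_protection DIR: print each problem found; return 0 only if none.
check_protection() {
    rc=0
    [ -f "$1/.htaccess" ] || { echo "no .htaccess in $1"; return 1; }
    pwfile=$(sed -n 's/^[[:space:]]*AuthUserFile[[:space:]]\{1,\}//p' \
        "$1/.htaccess" | head -n 1 | tr -d '"\r')
    case $pwfile in
        /*) ;;
        *) echo "AuthUserFile is not a full path: '$pwfile'"; rc=1 ;;
    esac
    [ -s "$pwfile" ] || { echo "password file missing or empty: '$pwfile'"; rc=1; }
    for f in "$1/.htaccess" "$pwfile"; do
        [ -e "$f" ] || continue
        case $(ls -ld "$f" | cut -c3,6,9) in   # owner/group/other write bits
            *w*) echo "still writable: $f"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage: sh thisfile.sh /full/path/to/wp-admin   (runs the check only)
if [ "$#" -eq 1 ]; then check_protection "$1"; fi
```

A relative AuthUserFile path is a common cause of the server error mentioned earlier, which is why the check flags it separately from the permission problems.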