As you read the title, you are probably wondering isn’t the wp-admin directory already password protected. You are required to login right. Well that is true, but to add an additional layer of security popular sites often add an extra layer of authentication. Few days ago, we started seeing some suspicious activity on WPBeginner, so our host HostGator advised us to password protect our WordPress admin directory. Apparently popular sites like Mashable do the same. In this article, we will show you a step by step guide on how to password protect your WordPress admin (wp-admin) directory.
在阅读标题时,您可能想知道wp-admin目录是否已受到密码保护。 您需要正确登录。 没错,但是要添加额外的安全层,流行站点通常会添加额外的身份验证层。 几天前,我们开始在WPBeginner上看到一些可疑活动,因此我们的主机HostGator建议我们使用密码保护WordPress管理员目录。 显然,像Mashable这样的热门网站也是如此。 在本文中,我们将向您介绍如何用密码保护WordPress管理员(wp-admin)目录的分步指南。
To keep things easy and simple, we will only cover cPanel web hosting companies here just because cPanel has an easy enough interface to add password protected directories.
为了使事情变得简单,我们仅在此处介绍cPanel Web托管公司 ,因为cPanel具有足够简单的界面来添加受密码保护的目录。
Login to your cPanel. Scroll down till you see the Security Tab. Click on the “Password Protect Directories” icon.
登录到您的cPanel。 向下滚动,直到看到“安全性”选项卡。 单击“密码保护目录”图标。
When you click on that, a lightbox popup will show up asking for directory location. Just click on web root. Once you are there, navigate to the folder where your WordPress is hosted. Then click on the /wp-admin/ folder. You will see a screen like this:
当您单击该按钮时,将显示一个灯箱弹出窗口,询问目录位置。 只需点击网络根目录。 到达那里后,导航至WordPress托管文件夹。 然后单击/ wp-admin /文件夹。 您将看到如下屏幕:
Simply check the box to password protect the directory. Then create a user for the directory. That is it. Now when you try to access your wp-admin directory, you should see an authentication required box like this:
只需选中该框即可对目录进行密码保护。 然后为该目录创建一个用户。 这就对了。 现在,当您尝试访问wp-admin目录时,应该会看到一个要求身份验证的框,如下所示:
手动方式 (Manual Method)
First create a .htpasswds file. You can do so easily by using this generator. Upload this file outside your /public_html/ directory. A good path would be:
首先创建一个.htpasswds文件。 您可以使用此生成器轻松地做到这一点 。 将此文件上传到/ public_html /目录之外。 一个好的方法是:
home/user/.htpasswds/public_html/wp-admin/passwd/
主页/用户/.htpasswds/public_html/wp-admin/passwd/
Then, create a .htaccess file and upload it in /wp-admin/ directory. Then add the following codes in there:
然后,创建一个.htaccess文件,并将其上传到/ wp-admin /目录中。 然后在其中添加以下代码:
AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
You must update your username in there. Also don’t forget to update the AuthUserFile location path.
您必须在那里更新您的用户名。 另外,不要忘记更新AuthUserFile位置路径。
我遇到404错误或重定向过多 (I have a 404 Error or a Too many redirects error)
Well this can happen depending on how your server is configured. To fix this issue, open your main WordPress .htaccess file and add the following code there before the WordPress rules start.
好吧,这取决于服务器的配置方式。 要解决此问题,请在WordPress规则开始之前打开您的主要WordPress .htaccess文件,并在其中添加以下代码。
ErrorDocument 401 default
Well there you have it. Now you have double authentication for your WordPress admin area. This is a good alternative to limiting wp-admin access by IP address.
好吧,你有它。 现在,您已经对WordPress管理区域进行了双重身份验证。 这是通过IP地址限制wp-admin访问的好选择。
Update: Here is how to fix the Admin Ajax Issue
更新:这是解决Admin Ajax问题的方法
If you password protect your WordPress Admin directory, then it will break the Ajax functionality in the front-end (if it is being used). In our case, we don’t have any plugins that is using ajax in the front-end. But if you do, then here is how you fix that issue.
如果您用密码保护WordPress Admin目录,那么它将破坏前端的Ajax功能(如果正在使用)。 在我们的情况下,我们没有任何在前端使用ajax的插件。 但是,如果您这样做,则可以通过以下方法解决该问题。
Open the .htaccess file located in your /wp-admin/ folder (This is NOT the main .htaccess file that we edited above).
打开位于/ wp-admin /文件夹中的.htaccess文件(这不是我们上面编辑的主要.htaccess文件)。
In the wp-admin .htaccess file, paste the following code:
在wp-admin .htaccess文件中,粘贴以下代码:
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
Source: Sivel
资料来源: Sivel