Protecting a WordPress site from Brute Force using Apache

Setting up robust protection for a site takes solid qualifications and experience in web development, but today I will describe one good method. It adds a second authorization step to the site that is not easy to bypass.

Generally, 90% of sites are hacked because of weak passwords and standard usernames. Many systems have holes that reveal a user's login, and WordPress is no exception. With double authorization in place, an attacker has to go to the trouble of writing a script that brute-forces passwords for more than just the admin panel.

Below I describe the simple steps needed to protect a WordPress site.

Authentication with Apache on WordPress

When you first try to log in, Apache sends a response that makes the browser display a dialog with login and password fields. After you submit them, the server checks whether the login is in a special list and compares the password. If everything is entered correctly, the user gets access to the WordPress login page.

You only need to enter the username and password once; the browser then caches the username, password and scope. If everything was entered correctly, the dialog will not bother you again.

Although this type of authentication improves your chances against an attacker, it does not protect 100%, because the data from this form is not encrypted and is stored in the clear. The entered data can be intercepted while the packets are in transit. Do not use this type of authentication without additional security measures, especially on commercial sites. It is important to set different passwords for the WordPress admin and for this type of authentication.

There is also the option of encrypting the password with mod_auth_digest, but for that you must be the server administrator and know how to configure it.

The sequence of actions to protect the site

Every WordPress site has an .htaccess file in the site root; next to it you need to create an .htpasswd file. To generate the contents of the .htpasswd file you can use a dedicated htpasswd generator.

Once the file is created, the browser will ask for a password wherever you go on the site. This is useful if you need to close off the entire site, but we only need to close the wp-admin directory, or more precisely wp-login.php. To restrict the prompt to the login page, you need to add a couple of directives to .htaccess. After all the existing settings in the .htaccess file, add a few new lines of code.

Sample code below:

If everything was done right, the protection will apply only to the wp-login.php file, and authentication data will be requested only on the login page. Important: replace admin with the login you used in the .htpasswd file generation service.

To find the path to the root directory on the server (/home/logn/sitename/www/.htpasswd), the easiest way is to create an info.php file in the site root containing the function call <?php phpinfo(); ?>, then open https://yoursite.com/info.php and find $_SERVER['DOCUMENT_ROOT'] on the page that appears; the path you need is shown next to it.
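
As an added example (not the author's original code), the lines appended to .htaccess for the setup described above could look like this. It assumes Apache 2.4 with AllowOverride AuthConfig enabled for the site; the realm text is a placeholder, and the AuthUserFile path is the sample path from this article and must be replaced with your own.

```apache
# Added example: ask for HTTP Basic credentials on the WordPress login page only.
<Files "wp-login.php">
    AuthType Basic
    # Realm text shown in the browser dialog (placeholder)
    AuthName "Restricted area"
    # Absolute filesystem path to the password file, built from DOCUMENT_ROOT.
    # Sample path from the article; substitute your own.
    AuthUserFile /home/logn/sitename/www/.htpasswd
    # Any user listed in .htpasswd may pass; use "Require user <login>"
    # instead to allow a single named account.
    Require valid-user
</Files>

# Refuse direct HTTP requests for .htaccess and .htpasswd themselves,
# so the password hashes cannot be downloaded from the site root.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

Basic credentials are only Base64-encoded on the wire, so serve the login page over HTTPS. Delete info.php once you have the path, because phpinfo() output discloses the server configuration.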

I hope you liked the article. If you want to join in, write in the comments which protection methods you know.


Nikolaenko Maxim

Director of the web studio ProGrafika. I do website development, design and promotion. Always glad to see new blog readers and good clients.

