My WordPress site was under brute force attack, How can I setup a pop-up login interface with .htaccess and .htpasswd
Option 1
If your site host on cPanel, please following the follow steps
- Log into your cPanel and click on the Password Protect Directories icon found under Security.
- Choose Web Root (you may also need to select Show Hidden Files)
- Click on the name of the directory that you wish to password protect.
- Check the box for Password protect this directory.
- Fill in Name the protected directory field. This will be the message shown to visitors when they try to login and can be anything you like.
- Click on the Save button below.
- Click Go Back.
- Fill in a Username and Password at the bottom of the page, and click Add/modify authorized user.
Option 2
- Create a file named .htpasswd and place it above your root directory, so visitors can’t access it.
- Create an encrypted password using either a utility such as the command line program htpasswd or Online Htpasswd Generator
- Place the generated .htpasswd information into the .htpasswd file.
- Navigate to the directory where the file(s) that you would like to password protect lie.
- Create/Modify a .htaccess and insert the following example code
<FilesMatch "examplefile.extension"> AuthName "Member Only" AuthType Basic AuthUserFile /path_of_htpasswd/.htpasswd require valid-user </FilesMatch>