Create an .htaccess password for the wp-login page on your Rackspace Cloud Server, or any equivalent server, to protect it from brute force attacks. This article is part of a series on increasing the security of unmanaged Rackspace Cloud Server instances. For a complete guide to creating an unmanaged WordPress instance, start with How To Install WordPress on Ubuntu 13.10 on Rackspace Cloud Server.
Create .htaccess Password for wp-login Page : For LAMP Server Only
Apache is more stable, secure and robust web server software. At least for WordPress on an unmanaged server, it is quite risky to run nginx. This security measure applies to a LAMP server only. At the least, it can reduce brute force attacks, indexing by Google bots and so on. Further on, we will increase the security of the whole wp-admin folder and the wp-config file, to stop Google bots from scraping data and to reduce our privacy and security risks in these PRISM days. Because you are using an unmanaged server, there is no 24-hour human security monitoring.
Create .htaccess Password for wp-login Page : From Command Line
SSH to your Server.
---
Step 1
=======
Create a folder in a valid path. Ownership must not be given to www-data (Apache). Command:

```bash
mkdir -p /var/passwords
```

Hit Enter.
Step 2
=======
Check whether the folder exists now:

```bash
cd /var/passwords
```
Step 3
=======
Open the .htaccess file and add the lines given further down in this step. The path must be your own and difficult to guess, and the username should be unique, like abhishek. Do not use abhishek alone; make it more difficult to guess. We are using username as an example.

Open the .htaccess file:

```bash
nano /var/www/.htaccess
```

We are assuming that your WordPress is installed at /var/www/.
Prepend sudo to the above commands if you are not root. Add these lines (modify them for your own setup):

```apache
<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/passwords/.htpasswd
Require valid-user
</FilesMatch>
```
Step 4
=======
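Run this command:

```bash
# -c creates the password file (and overwrites an existing one).
# The path must be the same one used for AuthUserFile in Step 3.
sudo htpasswd -c /var/passwords/.htpasswd username
```

Again, we are using username as an example. It is a command-line wizard that will ask you for the password. Restart Apache:

```bash
sudo service apache2 restart
```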
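A check for the finished setup, as an added example that is not part of the original article: the hypothetical shell function `audit_wp_login_auth` reads the .htaccess block from Step 3 and reports the mistakes this procedure invites, such as an AuthUserFile path that differs from the one given to htpasswd, or a password file placed under the web root. It assumes the Apache user is www-data, as on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the article): audit the wp-login.php protection.
# Usage: audit_wp_login_auth /var/www/.htaccess /var/www
# Prints one FAIL line per finding; returns 0 only when there are none.
# The body runs in a subshell "( )" so its variables and helper stay private.
audit_wp_login_auth() (
    htaccess=$1
    webroot=${2%/}
    findings=0
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    [ -r "$htaccess" ] || { echo "FAIL: cannot read $htaccess"; exit 2; }

    # Pull out the <FilesMatch "wp-login.php"> ... </FilesMatch> section.
    block=$(sed -n '/<FilesMatch[^>]*wp-login/,/<\/FilesMatch>/p' "$htaccess")
    [ -n "$block" ] || { echo "FAIL: no FilesMatch block for wp-login.php"; exit 1; }

    printf '%s\n' "$block" | grep -Eqi '^[[:space:]]*AuthType[[:space:]]+Basic' ||
        fail "AuthType Basic is missing"
    printf '%s\n' "$block" | grep -Eqi '^[[:space:]]*Require[[:space:]]+valid-user' ||
        fail "Require valid-user is missing"

    # First AuthUserFile argument (paths containing spaces are not handled).
    pwfile=$(printf '%s\n' "$block" |
        awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }')
    if [ -z "$pwfile" ]; then
        fail "AuthUserFile is missing"
    else
        pwdir=$(dirname "$pwfile")
        # A password file under the web root could be served to visitors.
        case $pwfile in
            "$webroot"/*) fail "$pwfile is inside the web root $webroot" ;;
        esac
        if [ ! -s "$pwfile" ]; then
            fail "$pwfile is missing or empty (htpasswd written elsewhere?)"
        else
            # Step 1: the directory must not belong to the Apache user.
            owner=$(ls -ld "$pwdir" | awk '{ print $3 }')
            [ "$owner" != "www-data" ] || fail "$pwdir is owned by www-data"
            # Every non-empty line must look like user:hash.
            if grep -Ev '^([^:]+:.+)?$' "$pwfile" >/dev/null; then
                fail "$pwfile has a line that is not user:hash"
            fi
        fi
    fi
    [ "$findings" -eq 0 ]
)
```

A clean result only covers the files on disk. Apache ignores .htaccess when AllowOverride is None for that directory, so also confirm that an unauthenticated request for wp-login.php is answered with HTTP 401.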