HOWTO: Harden your WordPress wp-admin using password protection

Though wp-admin is already secured through login/password authentication, this post will show how to add an additional layer of security in front of it.

For the second layer, HTTP Basic authentication backed by an .htpasswd file will be used.

Create htpasswds file

Use the htpasswd command on Linux or OS X to create an .htpasswd file. The command to execute is as below:

$ htpasswd -c .htpasswd mydemouser 
New password: 
Re-type new password: 
Adding password for user mydemouser

A file named .htpasswd is created in the current directory:

$ cat .htpasswd
mydemouser:$apr1$60sgQzdr$C.APpTFtRyjJfpcwQsJB/.

Changes on server hosting WordPress site

1. Copy the .htpasswd file to a directory that’s outside the wp-admin directory

Suggested Directory: /home10/mydemouser/.htpasswds/public_html/wp-admin/passwd/

Change the directory as per your site deployment.

2. Create a .htaccess file in the ~/public_html/wp-admin directory and include the following

AuthName "Restricted Access"
AuthUserFile /home10/mydemouser/.htpasswds/public_html/wp-admin/passwd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user mydemouser

3. Access the wp-admin page and confirm that an authentication popup window appears. If the page instead fails with a "too many redirects" error, proceed with the next step.

Stop the too many redirects error

4. Edit the .htaccess file under ~/public_html and add the following line before the WordPress rules start

ErrorDocument 401 default

That’s it – double layer authentication should now be active.

How to fix Admin Ajax issue

If wp-admin is password protected, it will break AJAX functionality on the front end (if it is being used). To fix this issue, follow the steps below

1. Edit the .htaccess file in the ~/public_html/wp-admin folder and add the following code to the file.

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

Disable IPv6 in Ubuntu

Here are a few methods to disable IPv6 in Ubuntu

Edit modprobe

Edit the aliases file using the following command

sudo vi /etc/modprobe.d/aliases

Find the line: alias net-pf-10 ipv6
and change it to

alias net-pf-10 off

If the above change does not work, use the following line instead

alias net-pf-10 off ipv6

Save the file and reboot.

Edit GRUB

Edit /etc/default/grub file

sudo vi /etc/default/grub

Change

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

to

GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"

Save and exit the file.

Update GRUB from the command line

sudo update-grub

Edit sysctl.conf

Edit the sysctl.conf file

sudo vi /etc/sysctl.conf

Add the following lines

# Disable IPV6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Save and exit the file.