How to Restrict Website Login Page Access: A Comprehensive Guide for Website Owners
**Description:**Step-by-step methods to password protect or limit access to specific website login pages using .htaccess, IP restrictions, and WordPress plugins. This guide is tailored for shared hosting customers on HostPresto’s shared hosting, VPS, and reseller hosting plans.
Why Restrict Login Page Access?
Restricting access to your website’s login page is a crucial security step. It helps:
- Prevent brute-force login attempts
- Reduce risk of unauthorized access
- Protect sensitive admin functions
This article covers practical methods you can implement through your HostPresto hosting control panel—no server admin rights required.
Methods to Restrict Website Login Page Access
1. Password Protect a Login Page Using cPanel
You can add an extra password prompt to your login page or admin directory.
Steps:
- Log in to cPanel from your HostPresto client area.
- Go to Files > Directory Privacy (or Password Protect Directories).
- Navigate to the folder containing your login page (e.g.,
/wp-adminfor WordPress). - Click the folder name to select it.
- Tick Password protect this directory.
- Give the protected directory a name (e.g., “Admin Area”).
- Create a user with a username and password for access.
- Click Save.
Now, anyone accessing this folder will see a password prompt before reaching your login form.
2. Restrict Access by IP Address Using .htaccess
You can limit access to your login page or admin area to specific IP addresses.
Steps:
- Open File Manager in cPanel.
- Navigate to your website’s root folder (e.g.,
public_html). - Locate or create a file called
.htaccessin the directory containing your login page. - Add the following code to your
.htaccess:
<Files "wp-login.php">
Order Deny,Allow
Deny from all
Allow from 123.123.123.123
Allow from 234.234.234.234
</Files>
Replace 123.123.123.123 with your own IP address. Add more lines for additional IPs.
- For custom login pages or directories (e.g.,
/admin), use:
<Directory "/home/username/public_html/admin">
Order Deny,Allow
Deny from all
Allow from 123.123.123.123
</Directory>
Update the directory path and IPs as needed.
Notes:
- To find your IP, visit whatismyip.com.
- If your IP changes often (dynamic IP), this method can lock you out—use with caution.
3. Restrict Access Using WordPress Plugins
If you use WordPress, plugins can make restricting access easy.
A. WPS Hide Login
- Change your login URL to something unique so attackers can’t find it.
How to use:
- Install the WPS Hide Login plugin from the WordPress dashboard.
- Go to Settings > WPS Hide Login.
- Set a new login URL (e.g.,
/my-secret-login). - Save changes.
Your default login URLs (/wp-login.php, /wp-admin) will redirect to your homepage or a 404 error.
B. Limit Login Attempts Reloaded (or Similar)
- Limit failed login attempts and block IPs after excessive failures.
How to use:
- Install and activate Limit Login Attempts Reloaded.
- Configure the settings to restrict the number of login attempts and set lockout durations.
Troubleshooting & Tips
Locked Out by IP Restriction?
- If you accidentally deny your own IP, use cPanel File Manager to edit or rename your
.htaccessfile and remove the block. - Alternatively, contact HostPresto support and provide your public IP address for assistance.
Forgot Your Custom Login URL?
- If using WPS Hide Login and you forget the custom login path, use File Manager to rename or delete the
wps-hide-loginplugin folder underwp-content/plugins/. WordPress will revert to the default login URLs.
Password Protection Not Showing?
- Make sure your browser cache is cleared.
- Ensure your directory privacy settings are saved correctly in cPanel.
Additional Security Recommendations
- Always use strong, unique passwords for all admin accounts.
- Enable Two-Factor Authentication (2FA) where possible.
- Keep all software (WordPress, plugins, themes) up to date.
- Regularly back up your website.
Useful Links
If you need further assistance or run into issues, please submit a support ticket with full details so our team can help you promptly.