I have a number of WordPress websites. Many of them are for training, testing, development tasks that are online, but I don’t want the general public visiting. Many of these sites I don’t visit very often, so keeping them updated is a task that I would rather not do.
Until recently, I had a number of limit login type plugins (https://wordpress.org/plugins/wp-limit-login-attempts/) – these works well, but are not without problems. I’ve been locked out myself many times for unknown reasons. Other times, the plugin didn’t work right now my site was still getting hit hard by login attempts.
For my production websites, I can take other measures to make sure my site is safe and secure. But on non production websites, I wanted an easier option.
So I came across WP htpasswd (https://wordpress.org/plugins/wp-htpasswd/) and I love it!
It’s an amazing plugin that works differently then other security plugins. Instead of acting at the software level, it acts at the server level.
When you setup the plugin, it asks you to set a username and password,
When you try to access your site, it looks like this:
If you don’t enter your username and password correctly, you get:
Simply set a very hard username and password. My favorite site for this is (https://passwordsgenerator.net/) – make a nice 30 character password, save it somewhere safe, and your non production WordPress site that you don’t use very often is nice and safe!