Why should I password protect WP-Admin?

The protection from .htaccess is for the folder /wp-admin it’s not for the URL

Open up your ftp programme (or download WordPress) and look inside /wp-admin

By only allowing your IP access this folder you’re blocking a lot of possible exploit issues (as mentioned in comments below).

I always prefer to login at mysite.com/wp-admin and not login.php this way, if you’re still logged in to your site, you go straight to the Admin section.

Related Posts:

  1. “Too many redirects” ONLY when trying to access wp-admin page
  2. Use a different domain for SSL
  3. .htaccess in wp-admin produces a redirect loop
  4. Change Login URL Without Plugin
  5. Securing wp-admin folder – Purpose? Importance?
  6. Wrong canonical link on wp-admin pages
  7. WordPress in sub directory wp-admin problem
  8. Options for restricting access to wp-admin
  9. .htaccess rewrite rule for removing .php extension with exception of wp login and wp-admin
  10. Can’t access admin dashboard with wp-admin without /index.php after it
  11. How to change “wp-admin” to something else without search-replacing the core?
  12. Call to undefined function insert_with_markers
  13. Block access to wp-admin
  14. Cannot log into WordPress Dashboard after removing/adding .htaccess
  15. Should I add the IP of the server that hosts my sites to the list of authorized IPs in the wp-admin/.htaccess?
  16. Which HTTP headers to use for subdomain embedding?
  17. CDN + WP Admin Query – .htaccess redirection
  18. From 403 error to 500 internal server error
  19. Cannot Access Admin Area After Migration
  20. Wrong wp-admin URL
  21. How do I host WordPress on a hidden domain through a reverse proxy?
  22. How to Change The WordPress Login URL Without Plugin
  23. 404 redirect wp-login and wp-admin after changing login url [closed]
  24. How login is possible, if I deny login page via .htaccess with allow ip
  25. Redirect an entire WordPress site on a subdomain, except wp-admin
  26. Blank page when viewing wp-admin
  27. wp-admin going directly to 404
  28. WordPress /wp-admin redirect to wrong port in docker
  29. wp-admin and wp-login.php not Accessible after Cloudflare
  30. Disabling WP-Admin Caching in htaccess
  31. Limit access to wp-admin but still be able to log in from different locations?
  32. SSL doesn’t deliver parts of WordPress Administration Module
  33. Making WP Admin Folder accessable JUST under a different link
  34. Couple questions about .htaccess, login page, updates
  35. How can we make managing lots of pages in WordPress Admin better?
  36. How to redirect/rewrite all /wp-login requests
  37. Show all post tags on post edit screen/sidebox
  38. Add “external” link to admin menu in the backend
  39. How can I enable Google Analytics on a file download link?
  40. What is the best method to close off the backend?
  41. Change the link of ‘Howdy’ at the top right
  42. wp-admin pages return ERR_EMPTY_RESPONSE
  43. Reorder custom submenu item
  44. Unwanted redirect in admin area
  45. How to move wp-admin login page to another location? [closed]
  46. WP-admin giving 404
  47. File exceeds upload_max_filesize, despite max filesize being large enough
  48. Can’t access dashboard, connection times out (other pages work fine)
  49. Getting post meta data, while editing a post in wp-admin panel [closed]
  50. Adding HTML/Text to Top of Subscriber’s Profile Backend Page
  51. submit for review issue
  52. wp-admin does not redirect to dashboard
  53. Change WP-Login or WP-Admin
  54. Custom roles showing HTML entities in title form field
  55. WordPress address URL keeps dropping the www
  56. How to show postmeta in custom columns for the posts screen?
  57. How can I remove the user avatar from admin toolbar?
  58. How to stop – Database Update Required – from happening again?
  59. using wp_sprintf at wordpress option page,
  60. Can’t login to Dashboard when changing site URL to HTTPS
  61. Not Found (404) error on admin page, CSS gone on blog
  62. Remove All in One Pack from the admin bar
  63. Disable wordpress reordering functions in backend screen element
  64. transition_post_status not working via Quick Edit
  65. Enque script based on url paramater
  66. WordPress server change – slow admin login time for first time
  67. I can´t access my admin panel. I tried all possible solutions
  68. Ajax solution similar to WP Categories functioning in Admin area
  69. Difference between admin and user admin
  70. Hooks: admin_footer and admin_print_footer_scripts not working?
  71. Editing edit-tags.php page in wp-admin
  72. What is the correct way to get only display plugin for Administrator Only
  73. displaying an error before update_post_meta
  74. Browse Happy in 3.2
  75. Adding Notification Bubble on Admin Top Bar
  76. Outputting something based on the presence of post variable in admin screens
  77. WordPress site stopped working after simply opening header.php in the wp-admin editor
  78. Ajax requests from front-end with jQuery Fancybox
  79. Dismiss Admin Pointer Temporarily
  80. WordPress menu to change page title
  81. Performance-issue in WP-admin with a lot of posts
  82. Disable some features in Admin
  83. Don’t run code if in customizer or privew
  84. What hooks should you use to create a table only once?
  85. Redirect WordPress login for customers but not admin
  86. Unable to open specific posts on WP Dashboard [duplicate]
  87. How to list newly ftp added HTML webpage under Pages section of wp-admin?
  88. Hi everyone, I have Problem with using wp_die()
  89. WordPress wp-admin Page
  90. Disable flyout (popup) menus in backend
  91. Random HTTPs redirections at admin area in shared hosting
  92. Blank sign in page
  93. add_post_meta displays in admin edit area
  94. Forcing WordPress Administration onto a separate SSL Host
  95. How to prevent Google adsense invalid impressions while performing admin tasks on my wordpress site?
  96. What is the point of new confirm admin email process?
  97. ‘Too many redirects’ error after changing site URL in WordPress [closed]
  98. Is it possible to tell if a user is logged into WordPress from looking at the cookies which are set?
  99. Extend user search in the Wp backend area on the users.php page to allow for searching by email domain and role from the “users search” input box
  100. Cannot Access wp-admin
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)