Protect with .htaccess and .htpasswd:

  1. Create a .htpasswd file:
    Use an online htpasswd generator to create a user and encrypted password.
    Save it outside the public directory (e.g., /home/username/.htpasswd).

  2. Edit your .htaccess file:
    Open the .htaccess file in the root of your WordPress site, or create one in the same directory as wp-login.php:

    <Files wp-login.php>
    AuthType Basic
    AuthName "Restricted Access"
    AuthUserFile /full/path/to/.htpasswd
    Require valid-user
    </Files>

    ⚠️ Replace /full/path/to/.htpasswd with the actual path to your .htpasswd file.

  3. Save and test:
    When you visit wp-login.php, it will now prompt for a username and password before showing the login page.