Why should I password protect WP-Admin?

Just occurred to me: what’s the point of password protecting www.yoursite.com/wp-admin when a user can just type www.yoursite.com/wp-login.php, bypassing the password on /wp-admin?

Am I missing something here? I’ve read many blogs/posts that suggest adding this extra layer of protection to wp-admin using .htaccess/.htpasswd.

2 Answers
2

The protection from .htaccess is for the folder /wp-admin; it’s not for the URL.

Open up your ftp programme (or download WordPress) and look inside /wp-admin.

By only allowing your IP access to this folder, you’re blocking a lot of possible exploit issues (as mentioned in comments below).

I always prefer to log in at mysite.com/wp-admin and not login.php; this way, if you’re still logged in to your site, you go straight to the Admin section.
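
An added example, not part of the question or the answer above: the two .htaccess files involved, showing that rules placed in the wp-admin folder do not reach wp-login.php in the site root, and how both can be covered. It assumes Apache 2.4 with `AllowOverride AuthConfig` enabled; the IP address and the .htpasswd path are placeholders.

```apache
# ---- File 1: /wp-admin/.htaccess ----
# Applies to everything served from the wp-admin folder, and nothing else.
AuthType Basic
AuthName "wp-admin"
# Placeholder path: keep the .htpasswd file outside the web root.
AuthUserFile /home/example/.htpasswd
<RequireAny>
    # Constructed documentation address: replace with your own IP.
    Require ip 203.0.113.10
    # Everyone else must pass the Basic auth prompt.
    Require valid-user
</RequireAny>

# Front-end plugins call admin-ajax.php, which lives in this folder.
# Exempt it, otherwise ordinary visitors get the password prompt too.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File 2: /.htaccess (site root) ----
# wp-login.php sits in the root, so the rules in File 1 never apply to it.
# Add this next to the existing WordPress rewrite rules to cover it as well.
<Files "wp-login.php">
    AuthType Basic
    AuthName "wp-login"
    AuthUserFile /home/example/.htpasswd
    Require valid-user
</Files>
```

With only File 1 in place, the WordPress login form stays reachable without the extra prompt, while the scripts inside /wp-admin are shielded before WordPress itself runs.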
