The MainWP Dashboard Lock Extension allows you to limit access to your Admin area and even redirect Non-WP-Admin pages to a different site making your MainWP Dashboard virtually invisible.
All of these changes can be made without you having to ever edit the .htaccess file yourself.
Frontend Redirect Rules
Make your dashboard front page inaccessible to everyone but you. Easily set a redirect URL, and all hits on Non-WP-Admin pages will be redirected to it. This will make your MainWP Dashboard site virtually invisible.
Dashboard Lock
The Extension allows you to limit access to Admin area pages and to your wp-login.php page to specific IP addresses without having to manually edit your .htaccess file.
Additional IPs can be set up to access your WordPress admin by adding one IP address per line if you access your dashboard from multiple locations.
You can also add a secondary login and password for your Admin area pages and to your wp-login.php page. This is helpful if you have a dynamic IP but still want to add some extra protection to your site.
Frontend Redirect Rules
Redirection is the process of forwarding one URL to a different URL. There are three main kinds of redirects: 301, 302, and meta refresh. It is a way to send both users and search engines to a different URL from the one they originally requested.
Add Frontend Redirect Rules
- Login into your MainWP Dashboard
- Go to the MainWP > Extensions > Dashboard Lock extension page
- Locate the Frontend Redirect Rules option box
- Enter the URL where you want to redirect the traffic
- Click the Save Settings button
Remove Frontend Redirect Rules
- Login into your MainWP Dashboard
- Go to the MainWP > Extensions > Dashboard Lock extension page
- Locate the Frontend Redirect Rules option box
- Delete the URL from the Redirect frontend traffic field
- Click the Save Settings button
Exclude Custom Pages from Redirection
- Login into your MainWP Dashboard
- Go to the MainWP > Extensions > Dashboard Lock extension page
- Locate the Frontend Redirect Rules option box
- Locate the Exclude slugs from the redirection option
- Enter wanted pages (one per line)
- Click the Save Settings button
Important Notes
/wp-json
to the exclusion list.Dashboard Lock
The MainWP Dashboard Lock Extension allows you to set 2 different security rules on your MainWP Dashboard site.
- Limit Access to certain IP addresses
- Set HTTP Basic Authentication to /wp-admin/ and/or wp-login.php pages
You can use one of the two security measures or both at the same time.
Limit Access to certain IP addresses
- Login into your MainWP Dashboard
- Go to the MainWP > Extensions > Dashboard Lock extension page
- Locate the Dashboard Lock option box
- Locate the Allow Login from IP option
- In the provided text area, enter one or multiple IP addresses (each in a new line)
- Click the Save Settings button
After setting this security measure, the /wp-login.php page will be restricted to all visitors except the ones with the whitelisted IP address.
Lock the /wp-admin/ pages
- Login into your MainWP Dashboard
- Go to the MainWP > Extensions > Dashboard Lock extension page
- Locate the Dashboard Lock option box
- Locate the Admin area lock option
- In the provided fields, enter desired Username and Password
- Click the Save Settings button
After enabling the Admin area lock, before accessing any WP Admin page (../wp-admin/..) HTTP Basic Authentication will be required.
Lock the /wp-login.php page
- Login into your MainWP Dashboard
- Go to the MainWP > Extensions > Dashboard Lock extension page
- Locate the Dashboard Lock option box
- Locate the Login page lock option
- In the provided fields, enter desired Username and Password
- Click the Save Settings button
After enabling the Login page lock, before accessing any Login page (../wp-login.php), HTTP Basic Authentication will be required.
Important Notes
If you are having issues with the Admin area lock and Login page lock, please check this document.
Some hosts don’t allow HTTP basic authentication, and this can create an infinite redirection loop. This can make accessing your MainWP Dashboard site hard. In case you experience this issue, please remove Admin area and login page locks. If this doesn’t help, it is highly recommended to contact your host support.
In case you have lost your HTTP Basic Auth credentials, remove Admin area and Login page locks.
HTTP Basic Authentication Not Working
HTTP access authentication is a method for an HTTP user agent to provide a username and password when making a request. It is a technique for enforcing access controls to web resources because it doesn’t require cookies, session identifiers, and login pages. No handshakes should be performed in prediction.
The use of HTTP Authentication with cPanel/WHM is disabled; therefore, the option was removed from the Tweak Settings. It was disabled in cPanel/WHM 11.42 version.
Even though it has been disabled from cPanel/WHM, you can enable HTTP Authentication by modifying /var/cpanel/cpanel.config. Add the line below
skiphttpauth=0
Setting it to 0 means it has been enabled.
After enabling HTTP Authentication & a pop-up will occur.
Remove Dashboard Locks
There are two ways to unlock your MainWP Dashboard site. In case there are no issues with your MainWP Dashboard site, and you can access the Dashboard Lock Extension settings, you will be able to use the Remove Locks button to remove all locks. In case you can’t access your MainWP Dashboard site, locks will need to be removed manually.
Unlock MainWP Dashboard
- Login into your MainWP Dashboard
- Go to the MainWP > Extensions > Dashboard Lock extension page
- Locate the Dashboard Lock option box
- Click the Remove Locks button
It will remove all restrictions from your .htaccess files (Allowed IP Addresses, WP-Admin, and WP-login.php locks)
Manually Remove MainWP Dashboard Locks
Remove IP Address Restriction
- Use your favorite FTP Client to access your MainWP Dashboard site server
- Navigate to the root directory of your MainWP Dashboard site
- Locate the .htaccess file
- Download it
- Open the file in any code editor software
- Remove the code inserted by the Dashboard Lock Extension
# BEGIN MainWP Secure and Clean
// remove code from here
# END MainWP Secure and Clean - Save changes
- Upload the file back to the root directory
Remove Admin area lock
- Use your favorite FTP Client to access your MainWP Dashboard site server
- Navigate to the ../wp-admin/ directory of your MainWP Dashboard site
- Locate the .htaccess file
- Download it
- Open the file in any code editor software
- Remove the code inserted by the Dashboard Lock Extension
# BEGIN MainWP Secure and Clean – Apache Password Protect wp-admin
// remove code from here
# END MainWP Secure and Clean – Apache Password Protect wp-admin - Save changes
- Upload the file back to the ../wp-admin/ directory
Remove Login page lock
- Use your favorite FTP Client to access your MainWP Dashboard site server
- Navigate to the root directory of your MainWP Dashboard site
- Locate the .htaccess file
- Download it
- Open the file in any code editor software
- Remove the code inserted by the Dashboard Lock Extension
# BEGIN MainWP Secure and Clean – Apache Password Protect wp-login.php
// remove code from here
# END MainWP Secure and Clean – Apache Password Protect wp-login.php - Save changes
- Upload the file back to the root directory