MainWP
MainWP Documentation > MainWP Extensions > Dashboard Lock > Dashboard Lock Extension
Table of Contents

Dashboard Lock Extension

The MainWP Dashboard Lock Extension allows you to limit access to your Admin area and even redirect Non-WP-Admin pages to a different site making your MainWP Dashboard virtually invisible.

All of these changes can be made without you having to ever edit the .htaccess file yourself.

Frontend Redirect Rules

Make your dashboard front page inaccessible to everyone but you. Easily set a redirect URL, and all hits on Non-WP-Admin pages will be redirected to it. This will make your MainWP Dashboard site virtually invisible.

Dashboard Lock

The Extension allows you to limit access to Admin area pages and to your wp-login.php page to specific IP addresses without having to manually edit your .htaccess file.

Additional IPs can be set up to access your WordPress admin by adding one IP address per line if you access your dashboard from multiple locations.

You can also add a secondary login and password for your Admin area pages and to your wp-login.php page. This is helpful if you have a dynamic IP but still want to add some extra protection to your site.

Frontend Redirect Rules

Redirection is the process of forwarding one URL to a different URL. There are three main kinds of redirects: 301, 302, and meta refresh. It is a way to send both users and search engines to a different URL from the one they originally requested.

Add Frontend Redirect Rules

  1. Login into your MainWP Dashboard
  2. Go to the MainWP > Extensions > Dashboard Lock extension page
  3. Locate the Frontend Redirect Rules option box
  4. Enter the URL where you want to redirect the traffic
  5. Click the Save Settings button

Remove Frontend Redirect Rules

  1. Login into your MainWP Dashboard
  2. Go to the MainWP > Extensions > Dashboard Lock extension page
  3. Locate the Frontend Redirect Rules option box
  4. Delete the URL from the Redirect frontend traffic field
  5. Click the Save Settings button

Exclude Custom Pages from Redirection

  1. Login into your MainWP Dashboard
  2. Go to the MainWP > Extensions > Dashboard Lock extension page
  3. Locate the Frontend Redirect Rules option box
  4. Locate the Exclude slugs from the redirection option
  5. Enter wanted pages (one per line)
  6. Click the Save Settings button
Do not add a full-page URL in the box. It’s enough to add just a page slug. For example, if you want to exclude http://yourdomain.com/sample-page/, add /sample-page/ in the box.

Important Notes

WP-Cron: Adding the Frontend Redirect Rules may affect your WP-Cron function. If you notice that scheduled functions are not working, please remove the Frontend Redirect Rules.
REST API: To avoid Frontend Redirect from affecting the REST API functionality, please add /wp-json to the exclusion list.
Dashboard Lock Extension 1

Dashboard Lock

The MainWP Dashboard Lock Extension allows you to set 2 different security rules on your MainWP Dashboard site.

You can use one of the two security measures or both at the same time.

Limit Access to certain IP addresses

  1. Login into your MainWP Dashboard
  2. Go to the MainWP > Extensions > Dashboard Lock extension page
  3. Locate the Dashboard Lock option box
  4. Locate the Allow Login from IP option
    Dashboard Lock Extension 2
  5. In the provided text area, enter one or multiple IP addresses (each in a new line)
  6. Click the Save Settings button

After setting this security measure, the /wp-login.php page will be restricted to all visitors except the ones with the whitelisted IP address.

Lock the /wp-admin/ pages

  1. Login into your MainWP Dashboard
  2. Go to the MainWP > Extensions > Dashboard Lock extension page
  3. Locate the Dashboard Lock option box
  4. Locate the Admin area lock option
    Dashboard Lock Extension 3
  5. In the provided fields, enter desired Username and Password
  6. Click the Save Settings button

After enabling the Admin area lock, before accessing any WP Admin page (../wp-admin/..) HTTP Basic Authentication will be required.

Lock the /wp-login.php page

  1. Login into your MainWP Dashboard
  2. Go to the MainWP > Extensions > Dashboard Lock extension page
  3. Locate the Dashboard Lock option box
  4. Locate the Login page lock option
    Dashboard Lock Extension 4
  5. In the provided fields, enter desired Username and Password
  6. Click the Save Settings button

After enabling the Login page lock, before accessing any Login page (../wp-login.php), HTTP Basic Authentication will be required.

Important Notes

If you are having issues with the Admin area lock and Login page lock, please check this document.

Some hosts don’t allow HTTP basic authentication, and this can create an infinite redirection loop. This can make accessing your MainWP Dashboard site hard. In case you experience this issue, please remove Admin area and login page locks. If this doesn’t help, it is highly recommended to contact your host support.

In case you have lost your HTTP Basic Auth credentials, remove Admin area and Login page locks.

HTTP Basic Authentication Not Working

HTTP access authentication is a method for an HTTP user agent to provide a username and password when making a request. It is a technique for enforcing access controls to web resources because it doesn’t require cookies, session identifiers, and login pages. No handshakes should be performed in prediction.

The use of HTTP Authentication with cPanel/WHM is disabled; therefore, the option was removed from the Tweak Settings. It was disabled in cPanel/WHM 11.42 version.

If you are not comfortable with tweaking cPanel settings by yourself, we highly suggest contacting your host support and asking them to do this for you.

Even though it has been disabled from cPanel/WHM, you can enable HTTP Authentication by modifying /var/cpanel/cpanel.config. Add the line below

skiphttpauth=0
Setting it to 1 means it has been disabled.
Setting it to 0 means it has been enabled.

After enabling HTTP Authentication & a pop-up will occur.

Restart cPanel once you save this file.

Remove Dashboard Locks

There are two ways to unlock your MainWP Dashboard site. In case there are no issues with your MainWP Dashboard site, and you can access the Dashboard Lock Extension settings, you will be able to use the Remove Locks button to remove all locks. In case you can’t access your MainWP Dashboard site, locks will need to be removed manually.

Unlock MainWP Dashboard

  1. Login into your MainWP Dashboard
  2. Go to the MainWP > Extensions > Dashboard Lock extension page
  3. Locate the Dashboard Lock option box
    Dashboard Lock Extension 5
  4. Click the Remove Locks button

It will remove all restrictions from your .htaccess files (Allowed IP Addresses, WP-Admin, and WP-login.php locks)

Manually Remove MainWP Dashboard Locks

Remove IP Address Restriction

  1. Use your favorite FTP Client to access your MainWP Dashboard site server
  2. Navigate to the root directory of your MainWP Dashboard site
  3. Locate the .htaccess file
  4. Download it
  5. Open the file in any code editor software
  6. Remove the code inserted by the Dashboard Lock Extension
    # BEGIN MainWP Secure and Clean
    // remove code from here
    # END MainWP Secure and Clean
  7. Save changes
  8. Upload the file back to the root directory

Remove Admin area lock

  1. Use your favorite FTP Client to access your MainWP Dashboard site server
  2. Navigate to the ../wp-admin/ directory of your MainWP Dashboard site
  3. Locate the .htaccess file
  4. Download it
  5. Open the file in any code editor software
  6. Remove the code inserted by the Dashboard Lock Extension
    # BEGIN MainWP Secure and Clean – Apache Password Protect wp-admin
    // remove code from here
    # END MainWP Secure and Clean – Apache Password Protect wp-admin
  7. Save changes
  8. Upload the file back to the ../wp-admin/ directory

Remove Login page lock

  1. Use your favorite FTP Client to access your MainWP Dashboard site server
  2. Navigate to the root directory of your MainWP Dashboard site
  3. Locate the .htaccess file
  4. Download it
  5. Open the file in any code editor software
  6. Remove the code inserted by the Dashboard Lock Extension
    # BEGIN MainWP Secure and Clean – Apache Password Protect wp-login.php
    // remove code from here
    # END MainWP Secure and Clean – Apache Password Protect wp-login.php
  7. Save changes
  8. Upload the file back to the root directory
Still Have a Questions?
Search for additional solutions in the MainWP Community or start your own discussion
MainWP Community

Still Have a Questions?

Search for additional solutions in the MainWP Community or start your own discussion.
MainWP Community
MainWP Affiliate Disclosure: Some of the links contained in the post or pages are “affiliate links.” This means if you click on the link and purchase or subscribe to a recommended item, We will receive an affiliate commission. We only recommend products or services we believe have value to MainWP users and readers. This is disclosed in accordance with the Federal Trade Commission’s 16 CFR, Part 255: “Guides Concerning the Use of Endorsements and Testimonials in Advertising.
© MainWP - WordPress Management for Professionals 2014 - 2023 - Terms of Service - Privacy Policy - Cookie Policy - Support Policy - Refund Policy
Facebook Twitter Discourse