WordPress Access in cPanel
The WordPress Access application gives you access to two different tools, both related to WordPress security:
- Password Protected Directory - adds additional security layer (user and password) when logging into WordPress administration.
- Manage Users - provides the ability to manage users and their access levels in a WordPress site.
In this article, we'll take a detailed look at how to use both tools.
First log in cPanel and in the WordPress Management section click the WordPress Access link:
On the next screen you'll see a table, containing the following information for each WordPress site in the hosting:
- Name - shows site's name;
- URL - link to load the site in a new browser window;
- Path - path to the site's installation directory;
- Version - shows the WordPress version;
- Action - contains buttons for accessing the Password Protected Directory and Manage Users tools.
Password Protected Directory
By clicking on the Password Protected Directory button we open its management panel:
Here we create a new user and password by fulfilling the appropriate fields. We'll need this information later to pass the first security layer (window) before logging in administration. Click the Save button to save the data.
Two new elements will appear in the panel:
- Protection Enabled label;
- Disable button;
The new user name is added in the table. We can change the user's password by entering directly a new password in the text box and clicking the Change Password button.
Now, if we try to log in our WordPress administration, before the default WordPress login window appearance, an additional window will load on the screen - here we must enter the name of the created new user and its password, and click the Sign in button:
If at the moment of creating the new user we were logged in to the administration, clicking on any link in the administration will load the additional login window.
If a user can not supply the correct login data in the first security window, they'll be unable to reach the default WordPress login window because the browser will load Authorization error screen.
In this way, we are creating a second protection layer for our WordPress administration.
Clicking the Remove User button deletes the user, but if there are no other created users, we also need to disable the protection by clicking the Disable button, since the user removal does not disable the protection. If the protection is not disabled, it will continue to load the security window and if we do not provide valid user data, we can not log in WordPress administration.
If we want to remove the protection while still having valid users by clicking the Disable button, the system will show a warning message that all users will be deleted if we confirm the deletion:
When the OK button is clicked, all users are deleted and the protection gets deactivated.
The Manage Users tool enables us to create WordPress users and assign them different access levels (roles).
To create a new user, we need to enter the following information in the fields:
- User - username;
- Email - email address;
- Role - we must select one of the standard WordPress access levels from the drop-down list;
- Password - password (minimum 5 characters long).
When the Add User button is clicked, the information is saved and the user is saved in the table below:
If we go into the WordPress administration we will see that the same user is successfully registered with the data we entered in cPanel:
To change the user password enter a new password in the text box next to the user name and click the Save Changes button.
To delete a user, click the Remove User button and transfer the ownership of its documents (articles, comments) to another user from the drop-down list:
A confirmation window will pop up, where we must confirm the deletion by clicking the OK button: