Este plugin no se ha probado con las últimas 3 versiones mayores de WordPress. Puede que ya no tenga soporte ni lo mantenga nadie, o puede que tenga problemas de compatibilidad cuando se usa con las versiones más recientes de WordPress.

Password Protection


This plugin helps prevent annoyance from multiple brute force login attempts to your site. It does this by adding an additional authentication method. Once you enable the plugin
and enter a username and password ( please use a different username and password than your WordPress admin account ). Any user or bot that attempts to access wp-admin or your login page
will be required to successfully enter the additional authorization details before allowed access to the WordPress login page. You can also set your login page to not allow direct access
without a valid referrer header from your site. Please Note: No security plugin will provide 100% protection from hackers. This plugin simply makes it harder for them to gain access using
automated techniques. Please remember to ALWAYS KEEP UP TO DATE BACKUPS and use STRONG PASSWORDS!!

PLEASE NOTE: Very Limited support will be offered for this plugin but it will be kept up to date and any bugs can be reported on the github page at


  • HTTP Authentication on Chrome, your browser my not look the same but it should be similar.
  • The admin interface.


  1. Upload the password-protection folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Visit the settings page and enter a username and password to be used as the secondary authorization

Preguntas frecuentes

Will this plugin keep my site from being hacked?

NO! No plugin can keep your site from being hacked but this plugin will stop annoying brute force attempts to your login page.

What is a No-Referrer Request?

A No-Referrer Request is a direct request made to your wp-login.php file. Normally when you go to wp-admin and you are not logged in WordPress will redirect you to wp-login.php. When this happens the referrer is from your same domain. Bots and automated scripts normally make direct post requests to wp-login.php without a referrer. This plugin can block all requests without a referrer or requests from a referrer that is not from your domain.

What if I forget my Password?

If you forget your password there is no way to recover it because it is stored as an encrypted hash. If you forget your password you will have to disable the plugin by changing the name of the password-protection using FTP. Once disabled and you log in you can then re activate the plugin and enter a new password on the settings page.


No hay reseñas para este plugin.

Colaboradores y desarrolladores

Este software es de código abierto. Las siguientes personas han contribuido a este plugin.


Traduce "Password Protection" a tu idioma.

¿Interesado en el desarrollo?

Revisa el código, echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios


  • Fixed bug that prevented authentication from activating on certain server configurations
  • Added password confirmation to settings page
  • Better blocking for no-referrer requests to wp-login.php


  • Changed password hashing to use wp_hash_password and wp_check_password *props chrisguitarguy
  • Fixed bug that bypassed block when WordPress was installed in sub directory or query string was appended to url *props chrisguitarguy
  • Block No-Referrer requests option checked by default
  • Added version check and update function to clear current password for upgrading users to force change and use of new password hashing


  • Initial Version