Create an additional username and password to further secure WordPress by protecting the dashboard and login page. This command creates a user called “access” and will ask you for the password twice:
This is a part of “Self hosting WordPress securely in 2018 on FreeBSD with nginx, PHP 7.2, ModSecurity, brotli, Let’s Encrypt SSL” post, these commands will not work by they own.
sh -c 'printf "access:`openssl passwd -apr1`\n"' >> /usr/local/etc/nginx/htpasswd Password: Verifying - Password: chmod 600 /usr/local/etc/nginx/htpasswd chown mysite:mysite /usr/local/etc/nginx/htpasswd
You will be asked for these credentials when accessing /wp-admin directory of your site. This will also stop brute-forcing bots from accessing login page and burdening PHP engine unnecessarily.