There are two ways to protect any directory if you are using Apache Web Server. You can manually protect any directory with .htaccess, or using control panel Plesk Onyx. First I will show the easiest way to do it with Plesk Onyx. If you wish to have more options you should jump to manual protecting with .htaccess.
1. Login into your Plesk Onyx, choose a domain and click on “Password-Protected Directories”.
2. Click on “Add Protected Directory” and add directory name. For example /wp-admin.
3. After directory was successfully created it will appear on the list. Click on a selected directory and “Add a User“. Add username and password for selected directory.
Now you are done and your directory is safe. This was the easiest way to do it if you wish to have more options you should do it manually.
1. You need to generate htpasswd file using this generator. Then you need to upload it outside /public_html or /httpdocs directory.
2. Now create .htaccess file and upload it for example in /wp-admin directory with this code:
AuthName “Restricted Access”AuthUserFile /var/www/vhosts/yourdirectory/passwdAuthGroupFile /dev/nullAuthType basicrequire user YourUserName
You must update your username in there. Also, don’t forget to update the AuthUserFile location path.
3. You can deny visitors by IP address by adding next code in .htaccess file:
allow from 255.0.0.0
deny from all
The above lines tell the Apache Web Server to block all visitors except those with the IP address ‘255.0.0.0’, which you should replace with your own IP address.