Allowing Access to the wp-admin by IP Address
When you are running a Wordpress site, the wp-admin folder is where the Administrator settings are stored. Limiting access to this folder by IP address can stop something such as a robot (bot) or script from trying to guess your password over and over again. This will help protect your Wordpress installation.
If you haven't already, we'd suggest checking out our article about the WordPress brute force attack that has recently been going on that prompted this article being written.
In this tutorial we will show you how to allow access to the wp-admin folder by IP address, which will protect your Wordpress installation. This can be accomplished by adding a rule to the .htaccess file.
You will need to know your IP address, so that you can 'allow' it. If you do not know your IP address, here is a link to an article on how to find it.
Allow Access by IP:
- Using FTP or the File manager, edit the .htaccess file located in the /wp-admin folder.
- Add the following lines to your .htaccess file, and update with your specific IP address, or the IP addresses you want to 'allow'.
order deny,allow
Save the .htaccess file. Now, if someone tries to access your wp-admin folder, and their IP is not on this allow list, they will get a 500 error:
deny from all
# Whitelist IP #1
allow from 192.16.145.862
# Whitelist IP #2
allow from 192.16.145.863
# Whitelist IP #3
allow from 192.16.145.864
Congratulations, now you know how to protect your Wordpress admin area by allowing access to the wp-admin folder by IP address!
Did you find this article helpful?
Tweet
Category
Wordpress Security
Comments
n/a Points
|
2014-08-23 8:46 pm
I must confess i find your articles quite educative and straight to the point. I intend to host a WordPress site and I am reading up security measures to put in place before I begin. From the list of articles on WordPress Security, can I use solution 1 and 2 on the same WordPress blog? Solution 1 is titled Stopping Unauthorized Login Attempts to wp-admin and wp-login.php in WordPress while solution 2 is titled Allowing Access to the wp-admin by IP Address. Can I use both solutions on one blog? |
Staff 16,266 Points
|
2014-08-25 5:15 pm
Hello Francis,
Using solution 2, allowing only specific IP addresses access to wp-admin will disallow any other unauthorized user to access it. Kindest Regards, Scott M |
n/a Points
|
2014-08-25 4:50 pm
it doesnt' tell how to use a range of IPs if we don't have the same one all the time
|
|
Staff 16,266 Points
|
2014-08-25 5:18 pm
Hello Kelli,
If you have a range all in the same address, (say 1.2.3.0 - 1.2.3.255) then you can simply leave off the last octet. This will allow all addresses beginning with 1.2.3 access. # ALLOW USER BY IP order deny,allow deny from all allow from 1.2.3. Kindest Regards, Scott M |
Help Center Login
Wordpress Security
Related Questions
Here are a few questions related to this article that our customers have asked:
Would you like to ask a question about this page? If so, click the button below!
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!