How to Restrict WordPress Admin Access by IP Addresses

Are you looking for How to Restrict WordPress Admin Access? To protect the WordPress admin dashboard (wp-admin directory) against hackers, you may use a variety of approaches. One of them is to use a .htaccess file to enable HTTP authentication and password protect the WordPress wp-admin directory. You could even take it a step further. If your internet connection has a set IP address and you are able to get access your WordPress admin dashboard from the same IP every time. Then it is also a good idea to use a .htaccess file to limit/restrict access to the WordPress wp-admin directory to your IP address alone.

When it comes to WordPress security, there are a number of things to consider in order to prevent hackers and vicious from causing damage to your site. Not just the admin areas, but also the content and media files, will be harmed by these intruders/hackers.

Protecting admin pages entails safeguarding both your personal data and that of your users. You must constantly ensure that hackers are unable to enter into your site, steal data, or engage in other illegal activities. If this occurs, it may result in a terrible user experience, especially impacting your brand’s reputation.

You can protect your WordPress site from dangerous attacks using a variety of tools and methods. Some allow for user role limitation, while others simplify the security procedure by requiring simply a password. However, hackers will, attempt brute force attacks to get access to your site.

Are you looking for a more secure solution? So don’t get be panic just read this article carefully and let us look at How to Restrict WordPress Admin Access by IP Addresses from both the backend (admin pages) and the frontend (files content).

Table of Content:

Determine the IP Addresses that are Permitted

If you want to restrict hackers and unwanted people from accessing your site’s backend or frontend, you must first determine which IP addresses should be allowed access.

Your IP address should be the first one authorized. Except for your own, you may deny any addresses. You may retrieve your static IP by searching for “What is my IP?” on Google.

It is difficult to detect and manage your IPs if you operate from home. This is due to the fact that these IP addresses are dynamic and might change constantly. When the IP address changes, you must go back and change the admin IP restriction settings on the .htaccess file.

Using the .htaccess file, Restrict WordPress Admin Access to a Specific IP Addresses

The .htaccess file is a powerful website hidden file that manages your website’s high-level customizations. It allows you to configure your website without editing server files. Using the .htaccess file, you may disable WordPress admin access in three easy steps.

If you already have a .htaccess file in your wp-admin directory, download it using an FTP program and add the following example at the end of it. Create a new .htaccess file in your wp-admin directory if you do not already have one.

Step 1: Save the .htaccess File as a Backup

Before making any changes to the .htaccess file, make a backup of your site to ensure that you can restore anything if something goes wrong.

Step 2: Restrict WordPress Admin Access to a Specific IP Address

The instructions below will show you how to provide access to your admin area to one or more IP addresses. You may change the file in cPanel directly or use a text editor.

  • Make a new .htaccess file on your web server.
  • Add the following code to the wp-admin/.htaccess file. And Make sure you use your own IP address instead of “
order deny,allow
# Replace the below with your IP address
deny from all
allow from

The only IP address is allowed to access the WordPress admin dashboard in the example above (wp-admin directory). Remember to change the IP address to your public IP address ( If you are not sure what your IP address is, then type and search “what is my IP address” into Google.

Allow Several IP Addresses to Access the WordPress Dashboard

Add a new allow from [IP ADDRESS] line to allow access to the WordPress admin dashboard (wp-admin directory) from more than one IP address, as described in the example below.

order deny,allow
# Replace the below with your IP address
deny from all
allow from
allow from

We are allowing access to both IP addresses and in the example above. You are free to enter as many IP addresses as you like.

Step 3: Restrict Your WordPress Website From Specific IP Addresses

You may restrict a number of Internet Protocol(IP) addresses. if you think them questionable, just as you can authorize certain IPs to access your WordPress admin page.

Malicious bots constantly attempt to get into your WordPress admin using all available Usernames and Passwords. By reviewing your log file, you may quickly detect their IP addresses and ban them.

Add this code to your .htaccess file to restrict people from accessing your admin section from particular IP addresses.

order deny,allow
# Replace the below with your IP address
deny from
allow from all

You have the option of blocking several IP addresses. Simply include more deny from”deny from” lines in the above code.

Restricting Access to Other Directories

The same directives in the .htaccess file may be used to limit access to any other WordPress or website directory by IP address. Simply create a .htaccess file with the restrictions to the directory you want to limit access to.

Restrict Access to WordPress Files and Content by IP Addresses

You should also protect your WordPress content and files, in addition to the admin area. Your members may share login credentials, even if you have safeguarded them with user roles. As a result, unauthorized people may see private content without your knowledge.

Blocking IP addresses from accessing your sites, posts, and media files are strongly recommended. As a consequence, even if people have access to the shared credential information, they will be unable to access your password-protected content and files.

WordPress White Security Security Tips:

Restricting IP addresses alone will not protect your WordPress admin dashboard (wp-admin directory) since IP addresses may be faked. It is suggested that the WordPress wp-admin directory be password protected and that access to it be restricted by IP address.


If you switch internet service providers, your IP address will be changed as well. Do not forget to replace your .htaccess file with the actual IP address. Then you will be able to access your website admin area.

If you like this article and want to support us, then please subscribe to our YouTube Channel (WpFresher – WordPress Tutorials) for many more WordPress video tutorials. You may also find us on Facebook & Twitter.

You May Also Read Our Recently Published Articles:

Our Small Request, Please, Subscribe to Us!

We will send you notifications for every new blog post. You can unsubscribe at any time.

Leave a Reply