Are you looking for How to Restrict WordPress Admin Access? To protect the WordPress admin dashboard (wp-admin directory) against hackers, you may use a variety of approaches. One of them is to use a .htaccess file to enable HTTP authentication and password protect the WordPress wp-admin directory. You could even take it a step further. If your internet connection has a set IP address and you are able to get access your WordPress admin dashboard from the same IP every time. Then it is also a good idea to use a .htaccess file to limit/restrict access to the WordPress wp-admin directory to your IP address alone.
When it comes to WordPress security, there are a number of things to consider in order to prevent hackers and vicious from causing damage to your site. Not just the admin areas, but also the content and media files, will be harmed by these intruders/hackers.
Protecting admin pages entails safeguarding both your personal data and that of your users. You must constantly ensure that hackers are unable to enter into your site, steal data, or engage in other illegal activities. If this occurs, it may result in a terrible user experience, especially impacting your brand’s reputation.
You can protect your WordPress site from dangerous attacks using a variety of tools and methods. Some allow for user role limitation, while others simplify the security procedure by requiring simply a password. However, hackers will, attempt brute force attacks to get access to your site.
Are you looking for a more secure solution? So don’t get be panic just read this article carefully and let us look at How to Restrict WordPress Admin Access by IP Addresses from both the backend (admin pages) and the frontend (files & content).
Table of Content:
- Determine the IP Addresses that are Permitted
- Using the .htaccess file, Restrict WordPress Admin Access to a Specific IP Addresses
- Restricting Access to Other Directories
- Restrict Access to WordPress Files and Content by IP Addresses
- WordPress White Security Security Tips
- You Must be Remember
Determine the IP Addresses that are Permitted
If you want to restrict hackers and unwanted people from accessing your site’s backend or frontend, you must first determine which IP addresses should be allowed access.
Your IP address should be the first one authorized. Except for your own, you may deny any addresses. You may retrieve your static IP by searching for “What is my IP?” on Google.
It is difficult to detect and manage your IPs if you operate from home. This is due to the fact that these IP addresses are dynamic and might change constantly. When the IP address changes, you must go back and change the admin IP restriction settings on the .htaccess file.
Using the .htaccess file, Restrict WordPress Admin Access to a Specific IP Addresses
The .htaccess file is a powerful website hidden file that manages your website’s high-level customizations. It allows you to configure your website without editing server files. Using the .htaccess file, you may disable WordPress admin access in three easy steps.
If you already have a .htaccess file in your wp-admin directory, download it using an FTP program and add the following example at the end of it. Create a new .htaccess file in your wp-admin directory if you do not already have one.
Step 1: Save the .htaccess File as a Backup
Before making any changes to the .htaccess file, make a backup of your site to ensure that you can restore anything if something goes wrong.
Step 2: Restrict WordPress Admin Access to a Specific IP Address
The instructions below will show you how to provide access to your admin area to one or more IP addresses. You may change the file in cPanel directly or use a text editor.
- Make a new .htaccess file on your web server.
- Add the following code to the wp-admin/.htaccess file. And Make sure you use your own IP address instead of “188.8.131.52“
order deny,allow # Replace the below 184.108.40.206 with your IP address deny from all allow from 220.127.116.11
The only IP address 18.104.22.168 is allowed to access the WordPress admin dashboard in the example above (wp-admin directory). Remember to change the IP address to your public IP address (22.214.171.124). If you are not sure what your IP address is, then type and search “what is my IP address” into Google.
Allow Several IP Addresses to Access the WordPress Dashboard
Add a new allow from [IP ADDRESS] line to allow access to the WordPress admin dashboard (wp-admin directory) from more than one IP address, as described in the example below.
order deny,allow # Replace the below 126.96.36.199 with your IP address deny from all allow from 188.8.131.52 allow from 184.108.40.206
We are allowing access to both IP addresses 220.127.116.11 and 18.104.22.168 in the example above. You are free to enter as many IP addresses as you like.
Step 3: Restrict Your WordPress Website From Specific IP Addresses
You may restrict a number of Internet Protocol(IP) addresses. if you think them questionable, just as you can authorize certain IPs to access your WordPress admin page.
Malicious bots constantly attempt to get into your WordPress admin using all available Usernames and Passwords. By reviewing your log file, you may quickly detect their IP addresses and ban them.
Add this code to your .htaccess file to restrict people from accessing your admin section from particular IP addresses.
order deny,allow # Replace the below 22.214.171.124 with your IP address deny from 126.96.36.199 allow from all
You have the option of blocking several IP addresses. Simply include more deny from”deny from” lines in the above code.
Restricting Access to Other Directories
The same directives in the .htaccess file may be used to limit access to any other WordPress or website directory by IP address. Simply create a .htaccess file with the restrictions to the directory you want to limit access to.
Restrict Access to WordPress Files and Content by IP Addresses
You should also protect your WordPress content and files, in addition to the admin area. Your members may share login credentials, even if you have safeguarded them with user roles. As a result, unauthorized people may see private content without your knowledge.
Blocking IP addresses from accessing your sites, posts, and media files are strongly recommended. As a consequence, even if people have access to the shared credential information, they will be unable to access your password-protected content and files.
WordPress White Security Security Tips:
Restricting IP addresses alone will not protect your WordPress admin dashboard (wp-admin directory) since IP addresses may be faked. It is suggested that the WordPress wp-admin directory be password protected and that access to it be restricted by IP address.
If you switch internet service providers, your IP address will be changed as well. Do not forget to replace your .htaccess file with the actual IP address. Then you will be able to access your website admin area.
If you like this article and want to support us, then please subscribe to our YouTube Channel (WpFresher – WordPress Tutorials) for many more WordPress video tutorials. You may also find us on Facebook & Twitter.
You May Also Read Our Recently Published Articles:
- Make Money From NameCheap Affiliate Marketing Through Social Media Networks
- How to Add Breadcrumbs in GeneratePress Theme
- What is DA and PA? How to increase DA and PA of a Website?
- Top 15 WordPress Cache Plugins for Speed Up Any Website
- 7 Sites To Create Slides You Need To Know
- Why Do You Need a CDN for Your WordPress Website?
- How to Increase Google AdSense Earnings | 5 Easy Ways
- Google AdSense Eligibility Checker Tool – Check Your AdSense Status
- 7 Essential Elements For A Successful eCommerce Website
- How to Add Breadcrumbs in GeneratePress Theme
- How To Add Breadcrumbs To The League WordPress Theme
Our Small Request, Please, Subscribe to Us!
We will send you notifications for every new blog post. You can unsubscribe at any time.