When you are running a Wordpress site, the wp-admin folder is where the Administrator settings are stored. Limiting access to this folder by IP address can stop something such as a robot (bot) or script from trying to guess your password over and over again. This will help protect your Wordpress installation.

If you haven't already, we'd suggest checking out our article about the WordPress brute force attack that has recently been going on that prompted this article being written.

In this tutorial we will show you how to allow access to the wp-admin folder by IP address, which will protect your Wordpress installation. This can be accomplished by adding a rule to the .htaccess file.

You will need to know your IP address, so that you can 'allow' it. If you do not know your IP address, here is a link to an article on how to find it.

Allow Access by IP:

  1. Using FTP or the File manager, edit the .htaccess file located in the /wp-admin folder.
  2. Add the following lines to your .htaccess file, and update with your specific IP address, or the IP addresses you want to 'allow'.

    order deny,allow 
    deny from all
    # Whitelist IP #1 
    allow from
    # Whitelist IP #2 
    allow from 
    # Whitelist IP #3 
    allow from

    Save the .htaccess file. Now, if someone tries to access your wp-admin folder, and their IP is not on this allow list, they will get a 500 error:
    internal server error


Congratulations, now you know how to protect your Wordpress admin area by allowing access to the wp-admin folder by IP address!


Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Did you find this article helpful?


n/a Points
2014-08-23 8:46 pm

I must confess i find your articles quite educative and straight to the point. I intend to host a WordPress site and I am reading up security measures to put in place before I begin. From the list of articles on WordPress Security, can I use solution 1 and 2 on the same WordPress blog? Solution 1 is titled Stopping Unauthorized Login Attempts to wp-admin and wp-login.php in WordPress while solution 2 is titled Allowing Access to the wp-admin by IP Address. Can I use both solutions on one blog?

16,266 Points
2014-08-25 5:15 pm
Hello Francis,

Using solution 2, allowing only specific IP addresses access to wp-admin will disallow any other unauthorized user to access it.

Kindest Regards,
Scott M
n/a Points
2014-08-25 4:50 pm
it doesnt' tell how to use a range of IPs if we don't have the same one all the time
16,266 Points
2014-08-25 5:18 pm
Hello Kelli,

If you have a range all in the same address, (say - then you can simply leave off the last octet. This will allow all addresses beginning with 1.2.3 access.

order deny,allow
deny from all
allow from 1.2.3.

Kindest Regards,
Scott M

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

Wordpress Security

Related Questions

Here are a few questions related to this article that our customers have asked:
Would you like to ask a question about this page? If so, click the button below!
Need More Help?

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.