When you are running a Wordpress site, the wp-admin folder is where the Administrator settings are stored. Limiting access to this folder by IP address can stop something such as a robot (bot) or script from trying to guess your password over and over again. This will help protect your Wordpress installation.
If you haven't already, we'd suggest checking out our article about the WordPress brute force attack that has recently been going on that prompted this article being written.
In this tutorial we will show you how to allow access to the wp-admin folder by IP address, which will protect your Wordpress installation. This can be accomplished by adding a rule to the .htaccess file.
You will need to know your IP address, so that you can 'allow' it. If you do not know your IP address, here is a link to an article on how to find it.
Allow Access by IP:
- Using FTP or the File manager, edit the .htaccess file located in the /wp-admin folder.
- Add the following lines to your .htaccess file, and update with your specific IP address, or the IP addresses you want to 'allow'.
Save the .htaccess file. Now, if someone tries to access your wp-admin folder, and their IP is not on this allow list, they will get a 500 error:
deny from all
# Whitelist IP #1
allow from 18.104.22.1682
# Whitelist IP #2
allow from 22.214.171.1243
# Whitelist IP #3
allow from 126.96.36.1994
Congratulations, now you know how to protect your Wordpress admin area by allowing access to the wp-admin folder by IP address!