Secure access to WordPress admin using .htaccess
- 08 Feb 2023
Access to your WordPress administrator section can be restricted by IP address by adding rules to the website's .htaccess file, which is located in the public_html folder.
This may assist in mitigating brute force attacks targeting the administrator credentials.
Accessing the .htaccess file
You can access the .htaccess file by either:
- Using 'file manager' in cPanel to navigate to the file and selecting edit.
- SSH - If you have SSH access then you can edit the file using a text editor such as vim or nano.
Restricting access to a single IP address
Add the following rule to your .htaccess file, replacing "999\.999\.999\.999" with your own IP address. Keep the backslashes before the full stops, e.g. 221\.121\.55\.145, so that each full stop is matched literally rather than as "any character":
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^999\.999\.999\.999$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
Restricting access to multiple IP addresses
Add the following rule to your .htaccess file, replacing each "999\.999\.999\.999" with one of your own IP addresses (one RewriteCond line per address), including the backslashes before the full stops, e.g. 221\.121\.55\.145:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^999\.999\.999\.999$
RewriteCond %{REMOTE_ADDR} !^999\.999\.999\.999$
RewriteCond %{REMOTE_ADDR} !^999\.999\.999\.999$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
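The following is an added example, not part of the original article: a small Python helper that builds the rule above from a list of allowed IPs (validating and escaping each one) and evaluates the same conditions against sample requests before you deploy the file. It assumes Python's re module matches these simple patterns the same way Apache does; the function names and the sample addresses other than 221.121.55.145 are constructed for illustration.

```python
import ipaddress
import re

# The two REQUEST_URI patterns from the article's rule, joined by [OR].
URI_PATTERNS = [r"^(.*)?wp-login\.php(.*)$", r"^(.*)?wp-admin$"]


def remote_addr_pattern(ip):
    """Validate an IPv4 address and return the anchored, dot-escaped regex."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return "^" + str(addr).replace(".", r"\.") + "$"


def build_rules(allowed_ips):
    """Render the article's mod_rewrite block for a list of allowed IPs."""
    lines = ["<IfModule mod_rewrite.c>", "RewriteEngine on",
             "RewriteCond %{REQUEST_URI} " + URI_PATTERNS[0] + " [OR]",
             "RewriteCond %{REQUEST_URI} " + URI_PATTERNS[1]]
    lines += ["RewriteCond %{REMOTE_ADDR} !" + remote_addr_pattern(ip)
              for ip in allowed_ips]
    lines += ["RewriteRule ^(.*)$ - [R=403,L]", "</IfModule>"]
    return "\n".join(lines)


def is_blocked(uri, remote_addr, allowed_ips):
    """Evaluate the conditions the way mod_rewrite chains them:
    (URI cond 1 OR URI cond 2) AND every negated REMOTE_ADDR cond."""
    uri_hit = any(re.search(p, uri) for p in URI_PATTERNS)
    not_allowed = all(not re.search(remote_addr_pattern(ip), remote_addr)
                      for ip in allowed_ips)
    return uri_hit and not_allowed


if __name__ == "__main__":
    allowed = ["221.121.55.145", "203.0.113.7"]  # constructed sample list
    print(build_rules(allowed))
    samples = [("/wp-login.php", "221.121.55.145"),   # allowed IP
               ("/wp-login.php", "198.51.100.9"),     # other IP
               ("/blog/wp-login.php", "198.51.100.9"),
               ("/wp-admin", "198.51.100.9"),
               # trailing slash: the second pattern ends at "wp-admin"
               ("/wp-admin/", "198.51.100.9"),
               ("/index.php", "198.51.100.9")]
    for uri, ip in samples:
        print(uri, ip, "403" if is_blocked(uri, ip, allowed) else "pass")
```

Running it prints the finished block followed by a pass/403 verdict per sample request, so you can confirm your own address is let through before saving the file.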