Protect WordPress wp-admin by limiting IP access

September 9, 2011 WordPress

One good way to protect your WordPress blog is to limit the IP access to your admin area, i.e. your WordPress wp-admin folder area. First, you need to know the IP address of your connection. If you don’t, you can easily find out by searching “what is my ip” on Google, any one of those sites would happily display the IP you are using.

Open your favourite text editor, copy the following lines:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “Access Control”
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist this IP address
allow from xxx.xxx.xxx.xxx
</LIMIT>

Replace xxx.xxx.xxx.xxx with your actual IP address. If you want to whitelist more IPs, e.g. maybe the IP of your work computer, etc, add another line of “allow from xxx.xxx.xxx.xxx”. Save the filename as “.htaccess”, without those “.

Upload the file to your wp-admin folder. Do not upload this file to your root folder, or you will overwrite WordPress’s own .htaccess file. Make sure you upload the above file to the wp-admin directory, by default, there isn’t any .htaccess there.

Try to use an online proxy to access your blog wp-admin page, you should see the “page not found” page. On the other hand, without using any proxy, when you access the page yourdomainname/wp-admin, you should see the regular admin logon page, now you can tell that works.