Codeable info

Restrict Admin Access To Certain IP Addresses

Posted on by in WordPress Tutorials

All this talk about extra WordPress security probably has some of our readers a little jumpy. So to help out, we’re going to tell you how to beef up your security just a little bit more, by implementing an IP address filter for admin logins.

What this will adversely requires is a listing of the “actual” IP address for anyone you would like to give admin access to. If you don’t know how to directly find your IP address there are several sites you, or your users, can visit to find out. One such website is WhatIsMyIP.

To begin you will need to create a blank text file named “.htaccess” which will basically control who or what is allowed access to your WordPress enabled site or blog. There may or may not already be an identical file in your wp-admin or main root folder of your site, if there is- you simply need to copy paste the following code into your existing file.

This “.htaccess” file will be located in the main or root directory of your WordPress blog. It will contain the following code:

<Files wp-admin.php>
Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx
</Files>

Obviously you will need to change the “xx.xx.xx.xx” section to reflect your personal IP address or the IP address of the main admin. If you would like to add alternate IP addresses simply create a new “Allow from xx.xx.xx.xx” line below the existing one and replace the “x’s” with the new IP address.

After we’ve added the above file to the root of our blog however we will need to create one more “.htaccess” text file which will go into our “wp-admin” folder. In the new “htaccess” file (should be our second one) input the following code:

Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx

Replace the “x’s” in this file with the IP addresses you previously entered and any additional addresses. When completed save the file, and you’re finished!

Make sure there are two “htaccess” files within your blog’s directory; one should be located in the root directory and the other should be located in the main “wp-admin” folder. If both exist, all is well and you can test out your new and improved security protocol!

Comments Closed

Codeable info