WordPress - Protect your admin area


You will need to update your .htaccess file to shutdown access to the admin area of your WordPress site from anywhere other than a specified IP address.

Here is an example .htaccess file which restricts access to a single IP address:

# Protect wp-login.php from Brute Force Login Attacks based on IP Address

<FilesMatch "^(wp-login\.php)">

Order Allow,Deny

# Add your website domain name

Allow from example.com

# Add your website/Server IP Address

Allow from

# Add your Public IP Address using 2 or 3 octets so that if/when

# your IP address changes it will still be in your subnet range. If you

# have a static IP address then use all 4 octets.

# Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets:

Allow from 65.100.50.


Did you find this article useful?   0 out of 0 people found this article useful.

Related Articles


Forgot password?
Register now