WordPress is popular opensource content management system and it have many security levels for protecting itself from hackers. But we knew many WordPress sites and blogs are hacked several times. In this post we are explaining how to protect WP admin access by limiting the access with .htaccess.
Before starting you need to took a copy of .htaccess file as backup, you can find it on your /wp-admin/ folder.
Do not edit your .htaccess file in root directory keep this file as it is, and edit the .htaccess file in /wp-admin/ folder. If there is no such file you need to create one with a notepad and name it as .htaccess. Then copy following code to .htaccess file.
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "WordPress Admin Access Control" AuthType Basic <LIMIT GET> order deny,allow deny from all # whitelist Tom's IP address allow from xx.xx.xx.xxx # whitelist Loval's IP address allow from xx.xx.xx.xxx # whitelist Joseph's IP address allow from xx.xx.xx.xxx # whitelist Steve's IP address allow from xx.xx.xx.xxx # whitelist Office IP address allow from xx.xx.xx.xxx </LIMIT>
Don’t forgot to change ‘xx.xx.xx.xxx’ portion with related IPs.
Important: If you add above code then you can access Wp Admin folder from above IP’s. So do it carefully!
You can find your IP by visiting Vishmax IP Tracker