A couple of weeks ago one of my websites got quite an unusual amount of traffic. Unfortunately this was not the traffic I wanted to have – some bot was trying to log in to my store’s admin panel using brute force.
I stopped all of that traffic in just a few minutes. But just in case, I added the same functionality to my WordPress site. Here’s an example of how you can do the same thing without any plugins or other external tools.
The solution is quite simple and will work in any WordPress website. But it might not be ideal if you have multiple site administrators and editors who work from different places (and different IP addresses) all the time. You just may not know all the IPs then.
But for those who use the same computers and smartphones most of the time, and always connect from the same IP addresses, it should be a great and simple solution.
Open the .htaccess file in your store’s public (or public_html) folder using FileZilla or other FTP software, and add this code after the line # END WordPress:
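# Restrict wp-login.php to the listed IP address.
# Order/Deny/Allow are access-control directives, not mod_rewrite ones, so the
# block is not wrapped in <IfModule mod_rewrite.c>: that wrapper would silently
# skip the restriction if mod_rewrite were not loaded.
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from 100.101.102.103
</Files>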
Just don’t forget to replace 100.101.102.103 with your IP address.
If you want to allow WordPress admin login from more than one IP address, all you need to do is add more Allow from lines, one per address. Like here:
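# Restrict wp-login.php to the listed IP addresses (one Allow line per address).
# No <IfModule mod_rewrite.c> wrapper, so the rule cannot be skipped silently.
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from 100.101.102.103
Allow from 200.201.202.203
Allow from 250.251.252.253
</Files>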
That’s it – this code will allow WordPress admin login from your IP addresses, and will block access to wp-login.php for anyone else.
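To confirm the rule is really being enforced, you can check the server's access log: every wp-login.php request from an address outside your list should have been answered with 403. The script below is an added example, not part of the original post; it assumes Apache's common/combined log format, and the log lines and the function name audit are constructed for illustration.

```python
import re
from collections import Counter

# Allow-list: the placeholder addresses used in the .htaccess examples above.
ALLOWED = {"100.101.102.103", "200.201.202.203"}

# Apache common/combined log line: client IP, method, URL, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (not real traffic); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation-only address ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "bot"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "bot"
100.101.102.103 - - [12/Mar/2024:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2024:10:06:00 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 2871 "-" "bot"
198.51.100.9 - - [12/Mar/2024:10:06:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "bot"
this line is malformed and must be skipped
"""

def audit(log_text, allowed=ALLOWED):
    """Return (blocked, leaks) for wp-login.php requests.

    blocked: Counter of 403 responses per non-allow-listed IP.
    leaks:   list of (ip, method, status) where a non-allow-listed IP got
             anything other than 403, i.e. the rule was not applied.
    """
    blocked, leaks = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, url, status = m.groups()
        # <Files> matches on the file name, so compare the last path segment.
        filename = url.split("?", 1)[0].rsplit("/", 1)[-1]
        if filename != "wp-login.php" or ip in allowed:
            continue
        if status == "403":
            blocked[ip] += 1
        else:
            leaks.append((ip, method, int(status)))
    return blocked, leaks

if __name__ == "__main__":
    blocked, leaks = audit(SAMPLE_LOG)
    print("blocked attempts per IP:", dict(blocked))
    print("requests that bypassed the rule:", leaks)
```

Any entry in the second list means the restriction did not apply to that request, so the .htaccess block should be rechecked.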
If you don’t know your IP address, the easiest way to find out is to type “what is my ip address” into Google, or visit https://whatismyipaddress.com/ .
You can check your phone’s IP address the same way. Just don’t forget to disconnect from WiFi while doing it – otherwise you’ll see the WiFi network’s IP address, not your phone’s.