How to protect WordPress admin login with .htaccess rules

Securing the WordPress admin login is good practice, especially on static WordPress sites where nobody may be actively logging in. The best way to do this is with a set of .htaccess rules.

The following can be used to restrict access to a single IP address:

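RewriteEngine on
# Match requests for wp-login.php or a path ending in wp-admin
RewriteCond %{REQUEST_URI} ^(.*)?wp-login.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
# Return 403 unless the client address is the authorized IP
RewriteCond %{REMOTE_ADDR} !^123.123.123.123$
RewriteRule ^(.*)$ - [R=403,L]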

Replace "123.123.123.123" with your IP address.

If you have multiple IP addresses (for example, when several people log in to wp-admin), use this:

RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^123.123.123.121$
RewriteCond %{REMOTE_ADDR} !^123.123.123.122$
RewriteCond %{REMOTE_ADDR} !^123.123.123.123$
RewriteRule ^(.*)$ - [R=403,L]

Replace the IPs with authorized IPs.

Every time your IP changes, you will need to update your .htaccess with the new IP; however, this will increase security on your WordPress site.
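
Because the rules must be edited whenever an authorized IP changes, generating them from a list avoids typos in the address conditions. The following Python script is an added example, not part of the original article: it validates each IPv4 address, emits the rule block shown above (escaping the dots is a choice of this example), and emulates the conditions against constructed sample requests. The function names and the 198.51.100.7 test address are assumptions.

```python
import ipaddress
import re

# URI patterns exactly as written in the rules on this page.
URI_PATTERNS = [r"^(.*)?wp-login.php(.*)$", r"^(.*)?wp-admin$"]


def addr_pattern(ip):
    """Validate an IPv4 address and return an anchored REMOTE_ADDR regex."""
    addr = ipaddress.IPv4Address(ip.strip())  # ValueError on a mistyped address
    return "^" + re.escape(str(addr)) + "$"   # dots escaped (choice of this example)


def build_rules(allowed_ips):
    """Build the .htaccess block for a list of authorized IPv4 addresses."""
    if not allowed_ips:
        raise ValueError("an empty allow-list would lock everyone out")
    lines = ["RewriteEngine on"]
    for i, pattern in enumerate(URI_PATTERNS):
        flag = " [OR]" if i < len(URI_PATTERNS) - 1 else ""
        lines.append(f"RewriteCond %{{REQUEST_URI}} {pattern}{flag}")
    for ip in allowed_ips:
        lines.append(f"RewriteCond %{{REMOTE_ADDR}} !{addr_pattern(ip)}")
    lines.append("RewriteRule ^(.*)$ - [R=403,L]")
    return "\n".join(lines)


def is_blocked(uri, remote_addr, allowed_ips):
    """Emulate the conditions: (URI matches a pattern) AND (no allowed IP matches)."""
    uri_hit = any(re.search(p, uri) for p in URI_PATTERNS)
    ip_ok = any(re.search(addr_pattern(ip), remote_addr) for ip in allowed_ips)
    return uri_hit and not ip_ok


if __name__ == "__main__":
    allowed = ["123.123.123.121", "123.123.123.122"]  # placeholder IPs from the page
    print(build_rules(allowed))
    # Constructed sample requests: (REQUEST_URI, REMOTE_ADDR)
    samples = [
        ("/wp-login.php", "198.51.100.7"),     # login page, unknown address
        ("/wp-login.php", "123.123.123.122"),  # login page, authorized address
        ("/wp-admin", "198.51.100.7"),         # matches the wp-admin$ pattern
        ("/wp-admin/", "198.51.100.7"),        # trailing slash: wp-admin$ does not match
        ("/index.php", "198.51.100.7"),        # public page, never restricted
    ]
    for uri, addr in samples:
        print(f"{uri:16} {addr:16} -> {'403' if is_blocked(uri, addr, allowed) else 'allowed'}")
```

The emulation shows that the second URI condition, as written, only matches paths that end in wp-admin, so a request for /wp-admin/ with a trailing slash is not covered by it.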

Article Details

Article ID: 272
Date added: 2022-09-04 12:53:59