We have already shown you how to make your WordPress installation a little bit more secure by restricting unwanted visitors to your login page.
In today’s article, we’re going to show you how to limit access to your WordPress dashboard by IP address. First, you’ll have to know your IP address and make sure that you have a static one. If you have a dynamic IP address, i.e. if you get a new IP address every now and then, this limitation will be useless because you will restrict yourself from logging in. This method is a great security option if you work only from one computer with a static address and don’t have the need for accessing your dashboard from any other location.
There are two different ways of limiting access to one or multiple IP addresses. First, there is a simple method by placing a few lines of code in your .htaccess file while the other one requires you to install a plugin and enter your IP address.
Limit access via .htaccess file:
- Navigate to your .htaccess file (or create one if you don’t have one already)
- Open the file and c/p the following code:
- Change the IP address to your own IP address
- Add multiple addresses if needed.
- Save the file
order deny,allow allow from 127.127.2.11 deny from all
If you want to allow multiple addresses, simply repeat the “allow from 127.127.2.11” line as many times as needed, but don’t forget to change IP addresses.
After you have saved the changes, you’re able to access your WP login page only from IP address you chose.
If you want to ban some IP address, you should enter those to “deny from” line.
IMPORTANT: you most probably don’t have a static IP address (most of us don’t) so don’t be surprised when you can’t access your admin in 1-2 days. It’s just because your IP has changed and it’s not whitelisted.
Use a plugin:
Restricted Site Access
This simple plugin will allow you to control access to your site without entering a single line of code or messing with files on your server. You can limit access to your site for people who are logged in or choose IP address which will be allowed to connect to your site. For unauthorized access, you can choose to display a message or redirect that user to login page, some other address or to the page you create in WordPress.
- Go to Plugins -> Add new
- Search for “Restricted Site Access”
- Install and activate the plugin
- Navigate to Plugins – Installed Plugins and go to settings
- Write down IP address which you want to allow
- Choose how the plugin will deal with unauthorized access
Simple IP Ban
With Simple IP Ban, you can easily restrict specific IP addresses from getting to your site. If you don’t want to mess with the .htaccess file, use this plugin and ban user by IP address in just a few clicks.
- Navigate to Plugins-> Add new
- Find “Simple IP Band, install and activate the plugin
- Under settings, enter IP address and User Agent List you want to ban
- Choose if you want to add a redirect page for banned users
- Save settings
Need more security options for your website? Check out how Security Ninja plugin can help you.