How to restrict access to WordPress login page by IP address

By default, your WordPress login page is accessible to everyone: anyone can type /wp-admin or /wp-login.php after your domain name and reach your site's entry point. Once there, they try to get into your dashboard by attempting different logins. You should always be aware of malicious visitors who try to break into your site login. Most of the time they automate brute force attacks (with hacking programs) to guess your WordPress username and password. To defend your site from brute force attacks and hackers, you must take various security measures. Here we will look at how to limit access to the WordPress login page (wp-login.php) by IP address, which serves as the strongest protection for private blogs.



In the early days of this blog, we published a detailed post about protecting a WordPress site from being hacked. If you go through that post, you will learn some fundamental security tips. To decrease the risk, you have to take steps such as maintaining secure passwords and not using the default username admin. We have also posted about restricting the number of login attempts, which helps block a user who tries more than a specified number of logins. Still, the best protection would be double locking your WordPress admin directory, which adds authentication.

How to restrict access to WordPress login page by IP address
Brute force attacks are carried out by software intended to gain control of your website. It tries various combinations of usernames and passwords again and again until it succeeds. Under such powerful attacks, your server runs out of memory and quickly stops responding. If you are the only one running your blog (a private blog/website), then you can deny access to your website login to everybody except yourself.

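<Files wp-login.php>
# Evaluate Deny rules first, then Allow (no space is permitted after the comma)
# On Apache 2.4 these directives require mod_access_compat
Order deny,allow
Deny from all
# Only allow this IP
Allow from xx.x.xxx.xx
# Allow another IP
Allow from xx.x.xxx.xx
</Files>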

To limit access to the WordPress login page by IP address, copy the code and paste it at the very top of your site's .htaccess file, above everything else. Next, replace xx.x.xxx.xx with your IP address, and make sure that your IP address stays static, or else you will have to change it every time. The second IP address is optional; you can remove it if you want. We hope your single-author WordPress blog is now much safer than before.
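One way to confirm the rule is actually being enforced is to audit the Apache access log for wp-login.php requests from addresses outside the allowlist that were not answered with 403. This is an added example, not code from the original post; the function name `audit_login_access`, the sample log lines and the addresses (documentation ranges) are constructed for illustration, and it assumes the common/combined log format.

```python
import ipaddress
import re

# Apache common/combined log prefix: client, identity, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample data (not real traffic); ALLOWED mirrors the "Allow from" lines.
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2456',
    '198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 403 199',
    '198.51.100.7 - - [12/Mar/2024:10:01:06 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Mar/2024:10:02:11 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 3100',
]
ALLOWED = ["203.0.113.10"]

def audit_login_access(log_lines, allowed):
    """Return (ip, method, path, status) for each wp-login.php request that came
    from outside the allowlist and was NOT answered with 403 Forbidden."""
    networks = [ipaddress.ip_network(a, strict=False) for a in allowed]
    leaks = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line
        # <Files> matches on the file name, so drop the query string and directory.
        filename = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        if filename != "wp-login.php":
            continue
        try:
            client = ipaddress.ip_address(m["ip"])
            permitted = any(client in net for net in networks)
        except ValueError:
            permitted = False  # hostname logged: cannot be verified, treat as outside
        status = int(m["status"])
        if not permitted and status != 403:
            leaks.append((m["ip"], m["method"], m["path"], status))
    return leaks

if __name__ == "__main__":
    for leak in audit_login_access(SAMPLE_LOG, ALLOWED):
        print("login page served to non-allowlisted client:", leak)
```

An empty result means every outside request to the login page was refused; any entry means the .htaccess block is missing, misplaced or not being honoured for that request.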