Secure WordPress Admin Login

Secure your WordPress Admin login page by restricting access to it. Before you proceed with the steps below, make sure to have a backup of your WordPress website files and database.

Secure WordPress Admin Login via .htaccess

There are two ways in securing your WordPress admin site via .htaccess.

 

Restrict Access by IP address

This process allows access to the WordPress Admin login page only to IP address/es that is/are added to the allowed IP/s. Which means when someone tries to access the login page and the IP address is not added in the allowed IP, they will get an error message.

Step 1. Access WordPress website files through File Manager in the cPanel or FTP.

Step 2. Locate the .htaccess file and proceed to step 4. If you do not have one, create the file.

Via File Manager in the cPanel:

Click New File.

Type in .htaccess and click Create New File.

Via FTP (FileZilla):

Right click on the Remote site and select Create new file.

Enter .htaccess as the file name and click OK button.

Step 3. Add the following content:

Step 4. Edit the .htaccess file.

Via File Manager, right click the .htaccess file and select Code Edit.

Click Edit button.

Via FTP (FileZilla), right click .htaccess and select View/Edit.

Step 5. To show an error page when the site is accessed by other IP addresses, insert the code at the top:

 

Step 6.  Insert the following code if you have a static IP address:

 

Make sure to replace 123.123.123.123 with the IP address you want to allow access. If you do not know what your IP address is, you may access https://www.vodien.com/ip/.

If you have more than one IP address, add the following line:

 

Step 7. Save the changes to the file.

Through File Manager in the cPanel, click Save button.

If this is through FTP (FileZilla), click Yes button to upload it back to the server.

Restrict Access to No Referrer Requests

If your public IP address changes, you can use this to prevent anyone from using scripts to access your WordPress Admin login and allow only proper authenticated logins from the WordPress Admin URL directly.

Step 1. Access WordPress website files through File Manager in the cPanel or FTP.

Step 2. Locate the .htaccess file and proceed to step 4. If you do not have one, create the file.

Via File Manager in the cPanel:

Click New File.

Type in .htaccess and click Create New File.

Via FTP (FileZilla):

Right click on the Remote site and select Create new file.

Enter .htaccess as the file name and click OK button.

Step 3. Add the following content:

Step 4. Edit the .htaccess file.

Via File Manager, right click the .htaccess file and select Code Edit.

Click Edit button.

Via FTP (FileZilla), right click .htaccess and select View/Edit.

Step 5. To show an error page, insert the code at the top:

Step 6.  Insert the following code:

Replace testdomain.com with your actual domain name.

Step 7. Save the changes to the file.

Through File Manager in the cPanel, click Save button.

If this is through FTP (FileZilla), click Yes button to upload it back to the server.

If you are not confident to make any of the modifications mentioned above, you may secure your website with Vodien’s webGuard or have our Application Support Engineers help you with an ad-hoc fee per request.

Secure WordPress Admin Login via Password Protect directory

This process is applicable for both dynamic and static IP address.

Step 1. Log in to the cPanel.

cPanel-Login | FTP password

Step 2. Click Directory Privacy under Files panel.

directory-privacy

Step 3. Locate your WordPress directory and select the /wp-admin.

Step 4. Tick the checkbox “Password protect this directory”.

Step 5. Enter the name for the protected directory and click “Save” button.

Step 6. Create a user. Enter the username and password.

Step 7. Click “Save” button.

The /wp-admin directory is now password protected. Every time you access your WordPress admin URL, you will be asked to enter your username and password.

If you have further questions, please do not hesitate to contact our support team.

Secure WordPress Admin Login

(Visited 324 times, 1 visits today)

Leave A Comment?