Subscribe to the RSS Feed
FreeWordpressThemes.us
Free WordPress Tutorials and Themes.
Home

Restrict WordPress Admin Access by IP Address

November 30th, 2009 by admin

This is a guest post by Eric Sizemore, a web developer, programmer, and domainer.

In light of recent events, anyone using WordPress is apparently susceptible to what’s being called “Distributed WordPress admin account cracking”. You can view this article for more information. This post aims to provide an extra layer of security both to your wp-admin folder, and wp-login.php file.

Step 1 – Determine Who Will Have Access

First and foremost, this extra layer of security involves blocking every IP except a select few. If your IP is dynamic, it may not be the best option for you. If you have a lot of users that you allow access to your blog, this could become time consuming. If you are the only author on the blog, and you don’t allow registrations anyway – this will be rather simple.

Step 2 – Creating .htaccess

First, let’s get your IP address. Go to IPChicken and make a note of your IP address. Next, download the .htaccess files that have been created for this post.

Once you extract the archive you should see a .htaccess file, and a wp-admin folder with a .htaccess file inside it. Open the main .htaccess file and you should see:

<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx
</Files>

Edit the “Allow from” line to reflect your IP address. To add more IP addresses, add a new line with “Allow from” and the next IP address, and so on. Now, chances are you already have a .htaccess file in your root WordPress folder. If so, edit the file and copy paste the contents of your edited .htaccess file from the zip, and save/re-upload.

Now open the .htaccess file within the wp-admin folder from the zip. You should see something like:

Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx

Do as you did above. And add any extra ip’s you want to allow in the wp-admin area. Chances are you do not have a .htaccess file in your wp-admin folder, so just upload the edited .htaccess file from the zip to your wp-admin folder.

Step 3 – You’re done

And that’s all! :)

Written by - Visit Website

Posted in Theme Labs

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.

Search Posts


Pages

November 2009
M T W T F S S
« Oct   Dec »
 1
2345678
9101112131415
16171819202122
23242526272829
30  

Blogroll

Link Back

If you like this website, please link us back!

Free Wordpress Themes



or

Free Wordpress Themes



Thank you!

Meta

 
© 2024 FreeWordpressThemes.us
Wordpress Theme by Adii Freelancer | Based on Arcsin's Work
Search Engine Optimization and Design by PPC7.COM