How to protect the Wordpress login page

Hackers know that with enough attempts they can crack almost any login page. The technique below prevents them from accessing your page, limiting access to just you or those you include.

Limit access to the Wordpress login page to specific IP or IPs. This is most useful if only one or a few IPs will need access to the page:

1 - login to the control panel and click on the File Manager button

2 - click the Settings button on the upper right, check the box for Show Hidden Files and hit Save

3 - navigate to the folder that contains the wordpress that you want to protect - it may be directly inside your public_html folder, or you could have it installed another folder(s)

4 - make a copy of your current .htaccess file in case you need it again

5 - edit the .htaccess file (note the leading period, which is required) and add the following code to the top of it, replacing the x's with the IP number(s) that will have access:

 

<Files wp-login.php>
# set up rule order
order deny,allow
# default deny
deny from all
# Add IPs for access here
allow from xxx.xxx.xxx.xxx
</Files>
errordocument 401 default
errordocument 403 default
errordocument 404 default

[There are many online resources for finding your IP address, such as ipchicken.com]

If there are multiple IP address that need access, just add additonal allow lines:

<Files wp-login.php>
# set up rule order
order deny,allow
# default deny
deny from all
# Add IPs for access here
allow from xxx.xxx.xxx.xxx
allow from xxx.xxx.xxx.xxx
allow from xxx.xxx.xxx.xxx

</Files>
errordocument 401 default
errordocument 403 default
errordocument 404 default

===================

There are also numerous plugins you can use for protecting it. Be sure to choose a reputable plugin.

[NOTE: if you are using an FTP program, you may have to change a setting so that hidden files (also called dot files) can be seen]

  • 95 Users Found This Useful
Was this answer helpful?

Related Articles

Securing wordpress

General recommendations for keeping wordpress secure, in addition to keeping wordpress itself up...

Wordpress security plugins

Here is some info on wordpress security plugins are helpful for protecting the admin login page...