Lock Down WordPress wp-login.php and wp-admin Directory

Securing a site sometimes means restricting who can reach the admin area. The following modification to the .htaccess file restricts wp-login.php and the wp-admin directory to specific IP addresses. It is easy to edit through your cPanel's File Manager.

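# Send 401 and 403 responses to the site's index.php with error=404.
ErrorDocument 401 /path-to-your-site/index.php?error=404
ErrorDocument 403 /path-to-your-site/index.php?error=404

<IfModule mod_rewrite.c>
RewriteEngine on
# Match the login script (dots escaped so they match a literal ".") ...
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
# If you change the login URL with a plugin, add another [OR] condition for it.
# ... or the wp-admin directory and everything below it.
# This also covers wp-admin/admin-ajax.php, which some front-end plugins call.
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin(/.*)?$
# Replace each placeholder with one allowed IP address, escaping its dots as \.
RewriteCond %{REMOTE_ADDR} !^First IP Address$
RewriteCond %{REMOTE_ADDR} !^Second IP Address$
RewriteCond %{REMOTE_ADDR} !^Third IP Address$
# Every other client receives 403 Forbidden.
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>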
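To check which requests a rule set like this refuses before deploying it, the condition logic can be modelled offline. The script below is an added example, not code from the original post: it evaluates the same [OR]/AND chain against constructed URIs and documentation-range IP addresses, comparing an admin pattern that ends at `wp-admin$` with one that also covers paths below the directory. All names and sample values in it are assumptions.

```python
import re

# Constructed sample allow-list (documentation address ranges), dots escaped.
ALLOWED = [r"203\.0\.113\.10", r"198\.51\.100\.7"]

NARROW = r"^(.*)?wp-admin$"        # matches only a URI that ends in "wp-admin"
BROAD = r"^(.*)?wp-admin(/.*)?$"   # also matches everything below the directory

def build_conds(admin_pattern):
    """RewriteCond chain as (test variable, pattern, has [OR] flag) tuples."""
    conds = [("REQUEST_URI", r"^(.*)?wp-login\.php(.*)$", True),
             ("REQUEST_URI", admin_pattern, False)]
    conds += [("REMOTE_ADDR", "!^" + ip + "$", False) for ip in ALLOWED]
    return conds

def cond_matches(pattern, value):
    """A leading '!' negates the match, as in mod_rewrite."""
    negate = pattern.startswith("!")
    hit = re.search(pattern[1:] if negate else pattern, value) is not None
    return hit != negate

def is_blocked(conds, uri, addr):
    """[OR] joins a condition to the next one; the resulting groups are ANDed."""
    env = {"REQUEST_URI": uri, "REMOTE_ADDR": addr}
    group_ok = False
    for var, pattern, or_next in conds:
        group_ok = group_ok or cond_matches(pattern, env[var])
        if not or_next:              # end of an OR group
            if not group_ok:
                return False         # one failed group: the rule is skipped
            group_ok = False
    return True                      # all groups matched: the 403 rule fires

def audit(admin_pattern):
    """Map each sample URI to (blocked for outsider, blocked for allowed admin)."""
    conds = build_conds(admin_pattern)
    outsider, admin = "192.0.2.55", "203.0.113.10"   # constructed clients
    uris = ["/wp-login.php", "/wp-admin", "/wp-admin/",
            "/wp-admin/users.php", "/blog/hello"]
    return {u: (is_blocked(conds, u, outsider), is_blocked(conds, u, admin))
            for u in uris}

if __name__ == "__main__":
    for name, pattern in (("narrow", NARROW), ("broad", BROAD)):
        print(name)
        for uri, (out_b, adm_b) in audit(pattern).items():
            print(f"  {uri:22} outsider blocked={out_b!s:5} admin blocked={adm_b}")
```

With the narrow pattern, `/wp-admin/` and `/wp-admin/users.php` are not refused for the outside client; with the broad pattern they are, while the allowed address passes in both cases.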

 

Posted on

April 25, 2016
