Protecting your admin folder from hackers is very important. They can steal your information even from a small security weakness. Older versions of WordPress were not able to protect you from this kind of attacks and the hackers used to access the admin folder and easily found the login credentials. The WordPress development team has fixed this by introducing a new feature Protect Admin folder in WordPress by limiting access in the .htaccess file which enables specific access to the wp-admin folder. Users can set their own IP addresses to get access to the admin area, and no others will be able to access the admin folder.
In this guide on How to Protect your admin folder in WordPress by limiting access in the .htaccess file, we are giving you a complete idea about the same. So, follow the simple steps given below to restrict access to the wp-admin folder by configuring the .htaccess file.
Why protect your admin folder in WordPress?
Protecting your WordPress admin folder will prevent hackers from trying to get access to your WordPress backend improving your WordPress security by a mile. If you take your WordPress security as the top priority, you should protect your WordPress admin folder.
As soon as a hacker gets access to your WordPress backend, they can make almost any changes they want to your website. Ultimately, bringing your website down. You can easily prevent this by taking the right measures to eradicate this issue. That is what we are going to take care of in this article.
Steps to protect the admin folder in WordPress by limiting access in the .htaccess file
- Login to your hosting account (Most probably cPanel).
- Open your Web disk.
- Open /wp-admin/ folder.
- Locate the .htaccess file and make a backup of it.
- Open the .htaccess file and add the following code to it.
Note: Don’t edit the .htaccess file in your root folder. Only edit the file which is located in the wp-admin folder. If there is no file like that, just create a blank file with the name ‘.htaccess’ and paste the following code into it.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist John's IP address
allow from xx.xx.xx.xxx
# whitelist Ronnie's IP address
allow from xx.xx.xx.xxx
# whitelist Amanda's IP address
allow from xx.xx.xx.xxx
# whitelist Work IP address
allow from xx.xx.xx.xxx
# whitelist Another IP address
allow from xx.xx.xx.xxx
</LIMIT>Replace the ‘xx.xx.xx.xxx’ with the IP addresses you want to allow access to. The given IP addresses will be authorized to access the wp-admin area, and others will be blocked from access.
