WP Thinker

The WordPress Playground

Protect Your Admin folder in WordPress by Limiting Access in .htaccess file

protect-your-admin-folder-in-wordpress-by-limiting-access-in-htaccess-file

Protecting your admin folder from the hackers is very important. They can steal your information even from a small security weakness. Older versions of WordPress was not able to protect you from this kind of attacks and the hackers used to access the admin folder and easily found the login credentials. WordPress developing team has fixed this by introducing a new feature Protect Admin folder in WordPress by limiting access in .htaccess file which enables the specific access to the wp-admin folder. Users can set their own IP addresses to get access to the admin area, and no others will be able to access the admin folder.

In this guide on How to Protect your admin folder in WordPress by limiting access in the .htaccess file, we are giving you a complete idea about the same. So, follow the simple steps given below to restrict access to the wp-admin folder by configuring the .htaccess file.

How to Protect Admin folder in WordPress by Limiting Access in the .htaccess file

  1. Login to your Hosting account (Most probably Cpanel).
  2. Open your Web disk.
  3. Open /wp-admin/ folder.
  4. Locate the .htaccess file and make a backup of it.
  5. Open the .htaccess file and add the following code to it.
    Note: Don’t edit the .htaccess file in your root folder. Only edit the file which is located in the wp-admin folder. If there is nothing like that, just create a blank file with the name ‘.htaccess’ and paste the following code into it.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist Syed's IP address
allow from xx.xx.xx.xxx
# whitelist David's IP address
allow from xx.xx.xx.xxx
# whitelist Amanda's IP address
allow from xx.xx.xx.xxx
# whitelist Muhammad's IP address
allow from xx.xx.xx.xxx
# whitelist Work IP address
allow from xx.xx.xx.xxx
</LIMIT>

Replace the ‘xx.xx.xx.xxx’ by the IP addresses you want to allow the access. The given IP addresses will be authorized to access the wp-admin area, and others will be blocked from the access.

Avatar for Muhammed Swalih

Muhammed Swalih

A WordPress expert who has been tweaking WordPress functions, plugins, themes and almost everything related to WordPress for the past 5+ years.