How to Protect Your wp-admin Area by Using .htaccess to Limit Access in WordPress

(Last Updated On: January 9, 2019)

There’s no website that is secure to its core. The security of a website is something anyone shouldn’t joke with.

Weak website security, being one of the most disturbing issues among website owners especially websites running any CMS (accronym that stands for Content Management System) software.

This JovialGuide will walk you through on how to protect your wp-admin from unauthorized access. You’ll learn how to add another layer of security to your WordPress administrative area.

Why You Should Protect Your wp-admin

Since your wp-admin area is the administrative center of your WordPress website, it has to be protected.

How would you feel to login to your WordPress website and find out that your posts has been deleted by someone you didn’t grant access? It’s frustrating right?! Especially if you have large traffic.

Protecting your wp-admin area is actually the best thing to do in other to harden the security of your WordPress website.

How to Protect Your wp-admin Area by Using .htaccess to Limit Access in WordPress

Login to your FTP (File Transfer Protocol) client and head over to your WordPress installation folder. Click on wp-admin folder. Next, create a file named .htaccess right into your wp-admin folder. This should be your path public_html » wp-admin.

.htaccess or Hypertext Access is a configuration file used by web servers running Apache webserver software. It is used for configuration of website access issues like shortening of URL, URL redirection etc. Wondering why it’s invisible or hidden in a Unix based environmnt? It’s because of the “dot” before the filename(htaccess). See .htaccess Guide and Tutorial to learn more about .htaccess.

Not to be confused with the .htaccess file in your public_html root folder. In this article, we are looking at the .htaccess file in the wp-admin folder.

Copy, paste and modify the following lines of code to your newly created .htaccess file and save.

AuthUserFile dev/null
AuthGroupFile dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic 
<LIMIT GET>
order deny, allow 
deny from all
# whitelist JovialGuide's IP address 
allow from xxxx.xxxx.xxxx.xxxx
</LIMIT>

Replace JovialGuide with your name also replace xxxx.xxxx.xxxx.xxxx with your IP (Internet Protocol) address and save. If you run a multi-author blog or you have multiple IP addresses, duplicate the below lines of code as many as you want, modify and save.

# whitelist JovialGuide's IP address 
allow from xxxx.xxxx.xxxx.xxxx

If you have to login to your WordPress website from another IP address, you’ll have to white-list the new IP address before being able to access your wp-admin area

WordPress users looking for the best WordPress web hosting provider in 2019, see top 10 best WordPress web hosting service providers in 2019

If you are looking for the best Joomla web hosting provider in 2019, we wrote a JovialGuide that shows you the top 10 best web hosting companies that offer Joomla hosting in 2019. These top 10 best Joomla web hosting service providers in 2019 offer quality Joomla website hosting services.

Magento users aren’t left behind! We also wrote a JovialGuide that lists out the top 10 best Magento web hosting companies in 2019.

Conclusion

You have been able to learn how to limit unnecessary accesses to your wp-admin area which adds another layer of security to your WordPress blog, making it harder for hackers to gain unauthorized access to your WordPress website. One more thing you should know is that no website is absolutely secure to its core.

JovialGuide

We provide comprehensive tutorials. Reach us on Facebook via JovialGuide.

Leave a Reply

Your email address will not be published. Required fields are marked *

 

Shares