January 27, 2021


USA Hackers

Secure your WordPress

This post aims to add an extra layer of security to both your wp-admin folder and your wp-login.php file.

First and foremost, this extra layer of security involves blocking every IP except a select few. If your IP is dynamic, it may not be the best option for you. If you allow a lot of users to access your blog, this could become time-consuming. If you are the only author on the blog and you don’t allow registrations anyway, this will be rather simple.

Creating .htaccess

First, let’s get your IP address. Go to IPChicken and make a note of your IP address. Next, download the .htaccess files that have been created for this post.

Once you extract the archive you should see a .htaccess file, and a wp-admin folder with a .htaccess file inside it. Open the main .htaccess file and you should see:

<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx
</Files>

Edit the “Allow from” line to reflect your IP address. To add more IP addresses, add a new line with “Allow from” and the next IP address, and so on. Now, chances are you already have a .htaccess file in your root WordPress folder. If so, edit that file, paste in the contents of your edited .htaccess file from the zip, and save/re-upload.

Now open the .htaccess file within the wp-admin folder from the zip. You should see something like:

Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx

Do as you did above, adding any extra IPs you want to allow into the wp-admin area. Chances are you do not have a .htaccess file in your wp-admin folder, so just upload the edited .htaccess file from the zip to your wp-admin folder.
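The same two files written so they work on both Apache 2.2 and Apache 2.4, where Require ip replaces the Order/Deny/Allow directives shown above. This is an added example, not the files from this post's zip archive. The addresses are constructed placeholders, and the admin-ajax.php exception is an optional assumption for sites whose themes or plugins call that file from public pages.

```apache
# Added example, not the files shipped with the original post.
# 203.0.113.10 and 198.51.100.0/24 are constructed placeholder addresses
# (documentation ranges); replace them with your own.

# ---- .htaccess in the WordPress root folder ----
<Files "wp-login.php">
    <IfModule mod_authz_core.c>
        # Apache 2.4+: the request is refused unless one Require matches
        Require ip 203.0.113.10
        Require ip 198.51.100.0/24
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2: the same rule in the older syntax used in this post
        Order Deny,Allow
        Deny from all
        Allow from 203.0.113.10
        Allow from 198.51.100.0/24
    </IfModule>
</Files>

# ---- .htaccess in the wp-admin folder ----
<IfModule mod_authz_core.c>
    Require ip 203.0.113.10
    Require ip 198.51.100.0/24
</IfModule>
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24
</IfModule>

# Optional: front-end AJAX from visitors goes through wp-admin/admin-ajax.php,
# so the folder-wide rule above would break it. Reopen only that one file.
<Files "admin-ajax.php">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
    </IfModule>
</Files>
```

After uploading, request wp-login.php from an address that is not on the list and confirm the server answers 403 Forbidden.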

Have questions? You are always welcome to ask in the comment section.