As we mentioned while using WordPress 2.8.3, our site was attacked in an attempt to hack into our WP-Admin folder. Thankfully WordPress has found the bug and released a security patch in WordPress 2.8.4, but this attack made us take extra security measures with our site. We have limited access to our wp-admin folder by using .htaccess and assigning specific IPs that can access it. Before some hacker kept resetting our password and that was because they could see our wp-admin folder and see the login bar. Now no one but WPBeginner Editors can see our admin panel. In this article, we will show you how you can limit wp-admin folder access by IP address using .htaccess file.

First you need to open your .htaccess file located in your /wp-admin/ folder, and make a backup.

Note: Do not edit your Root .htaccess file, don’t paste these codes in there. It must be /wp-admin/.htaccess if you don’t see that file then create a blank file, name it .htaccess in your wp-admin folder.

Then paste the following code:

01 AuthUserFile /dev/null
02 AuthGroupFile /dev/null
03 AuthName "WordPress Admin Access Control"
04 AuthType Basic
06 order deny,allow
07 deny from all
08 # whitelist Syed's IP address
09 allow from
10 # whitelist David's IP address
11 allow from
12 # whitelist Amanda's IP address
13 allow from
14 # whitelist Muhammad's IP address
15 allow from
16 # whitelist Work IP address
17 allow from
18 </LIMIT>

Paste your IP Address and upload the file.

Now if you have more than one IP make sure you list them there. For example, Work, Home, Vacation IP, if you ever use it. Each time you want to visit your wp-admin panel from another location, you would have to add an extra IP address. That is the only downside to this hack, but this will keep your wp-admin folder safe.

Content Source