MY NUMBER 1 RECOMMENDATION TO CREATE FULL TIME INCOME ONLINE: CLICK HERE
Do you want to restrict IP address access to your wp-login.php file in WordPress?
The WordPress login page is often attacked by DDoS attacks and hackers to gain access to your website. Restricting access to specific IP addresses can effectively block such attempts.
In this article, we will show you how to easily restrict IP access to your wp-login.php file in WordPress.
Why restrict access to wp-login.php by IP address?
Application page for a WordPress website (usually wp-login.php) where users log in to your site.
As a site owner, it gives you access to WordPress admin area where you can perform website maintenance, write content and manage your website.
But common brute force attacks are known on the internet to target the wp-login.php page to access websites. Even if they fail to get in, they can still slow down your site or even crash it.
One way to deal with this situation is to block the IP addresses from which the attacks come (we will talk about this later in the article).
An IP address it is like a phone number that identifies a particular computer on the Internet. Hackers can use software to change their IP addresses.
However, more sophisticated attacks use a larger pool of IP addresses and it may not be possible to block all of them.
In this case, you can restrict access to certain IP addresses used by you and other users on your website.
With that in mind, let’s see how to easily restrict access to the wp-login.php file with specific IP addresses in 3 different ways, including a cloud security firewall.
1. Restrict access to WordPress login page by IP address
For this method you will need to add some code to your .htaccess file.
The .htaccess file is a special server configuration file that resides in the root folder of your website and is accessible using FTP or the File Manager application on your WordPress hosting The Control Panel.
Simply connect to your WordPress site via an FTP client and edit yours .htaccess file by adding the following code to the top.
<Files wp-login.php>
order deny,allow
Deny from all
# whitelist Your own IP address
allow from xx.xxx.xx.xx
#whitelist some other user's IP Address
allow from xx.xxx.xx.xx
</Files>
Remember to replace XX with your IP addresses. You can easily find your IP address by visiting SupportAlly pages.
If you have other users who also need to log in to your site, you can ask them to provide their IP addresses. You can then add them to your .htaccess file as well.
Here is another example of the code mentioned above.
<Files wp-login.php>
order deny,allow
Deny from all
# Whitelist John as website administrator
allow from 35.199.128.0
#Whitelist Tina as Editor
allow from 108.59.80.0
# Whitelist Ali as moderator
allow from 216.239.32.0
</Files>
Now users with these IP addresses will be able to view the wp-login.php file and login to your website. Other users will see the following error message:
2. Blocking certain IP addresses from accessing your website
This method is the exact opposite of the first method.
Instead of restricting access to your WordPress login page to specific IP addresses, you will be able to block IP addresses that are being used to attack your site.
This method is particularly useful for WordPress Membership Websites, e-commerceor other websites where multiple users must log in to access their accounts.
The disadvantage of this method is that hackers can change their IP addresses and continue to attack your website.
Fortunately, many common WordPress hacking attempts use a fixed set of IP addresses, making this method effective in most cases.
Step 1: Find the bad IP addresses you want to block
First, you need to find the IP addresses that are being used to attack your website.
The easiest way to find the IP addresses causing the errors is to look at the server logs. Simply go to your hosting account control panel and click on the raw access logs icon.
On the next page, click on your domain name to download the access logs. This will download a file with a gz extension.
You will need to extract the file and open it with a text editor such as Notepad or TextEdit.
Here you will find the IP addresses that keep appearing on the wp-login.php page.
Copy and paste the IP addresses into a separate text file on your computer.
Step 2. Blocking suspicious IP addresses
Next, you need to log into your WordPress hosting control panel and click on the IP Blocker icon.
On the next screen, simply copy and paste the IP addresses you want to block and click the Add button.
Repeat the process to block any other suspicious IP addresses you want.
That’s all! You have successfully blocked suspicious IP addresses from accessing your website completely.
If you later need to unblock one of these IP addresses, you can easily do so in an IP blocking application.
3. Protecting your WordPress login with a website firewall
As a website administrator, you may not want to spend too much time managing the IP addresses that can access your WordPress login page.
The easiest way to secure your WordPress login pages is to use Sucuri. It is the best WordPress firewall which monitors comprehensively WordPress security plugin.
Sucuri’s Website Firewall automatically filters suspicious IP addresses to prevent access to important core WordPress files without ever reaching your website.
This method also improves your WordPress performance and speed as it prevents suspicious activities from slowing down your server.
In addition, Sucuri also has a built-in CDN network. It would automatically serve static files like images, style files, and JavaScript from a server closer to your users.
You can easily whitelist users’ IP addresses if they can’t access the WordPress login page.
Alternative: Cloudflare Free CDN
We hope this article helped you learn how to restrict IP address access to the wp-login.php file. You may also want to check out ours the complete WordPress security guide or check out these additional tips for WordPress admin area protection.
If you liked this article, please subscribe to ours YouTube channel for WordPress video tutorials. You can also find us at Twitter and Facebook.
.
MY NUMBER 1 RECOMMENDATION TO CREATE FULL TIME INCOME ONLINE: CLICK HERE