Limit Access by IP to Your WP Login PHP file in WordPress

How to Limit Access by IP to Your WP Login PHP file in WordPress

To access your website, DDoS assaults and hackers frequently target the WordPress login page. Such attacks can be successfully thwarted by restricting access to particular IP addresses.

This post will demonstrate how to restrict access by IP to your WordPress wp-login.php file quickly.

Limit access by IP to your WP login PHP files in WordPress:

Let’s look at two methods, including a cloud security firewall, for restricting access to the wp-login.php file to particular IP addresses.

1- By IP Address, restrict access to the WordPress login page

You must modify the .htaccess file to use this technique.

The root folder of your website has a particular server configuration file called .htaccess, which may be viewed using FTP or the File Manager tool in your WordPress hosting control panel.

Use an FTP program to connect to your WordPress site, then modify your .htaccess file and add the following code at the top.

1

2

3

4

5

6

7

8

9

10

<Files wp-login.php>

order deny,allow

Deny from all  

#

whitelist Your own IP address

allow from xx.xxx.xx.xx  

#

whitelist some other user’s IP Address

allow from xx.xxx.xx.xx

 </Files>

Don’t forget to substitute your IP addresses for the XXS. By going to the supportAlly page, you may quickly determine your IP address.

You can ask other users to submit their IP addresses if they need to check in to your website with them. Then you may also include those in the .htaccess file.

The wp-login.php file can now be viewed and used by people with these IP addresses to log onto your website. The following error message will appear to other users:

2- Preventing particular IP addresses from visiting your website

The first strategy is entirely at odds with this one.

You can restrict IP addresses used to attack your website instead of limiting access to the WordPress login page to particular IP addresses.

This technique benefits WordPress membership websites, e-commerce sites, and other websites where many users must log in to access their accounts.

This method’s drawback is that hackers can keep targeting your website by changing their IP addresses.

Fortunately, many popular WordPress hacking efforts employ a set of fixed IP addresses, making this technique effective in most situations.

Step 1. Identifying the IP Addresses, You Want to Block That Are Offending

Finding the IP addresses used to attack your website is the first step.

Examining your server logs will help you quickly discover the offending IP addresses. Navigate to your hosting account’s control panel and select the Raw Access log icon.

Click your domain name on the following page to download the access logs. With this, a file with the.gz extension will be downloaded.

To view it, you must extract the file and use a text editor like Notepad or TextEdit.

From this point on, you may discover the IP addresses that frequently access the wp-login.php page.

The IP addresses should be copied and pasted into a different text file on your computer.

Step 2. Blocking mistrustful IP Addresses

After logging in, select the IP Blocker icon in your WordPress hosting control panel.

Copy and paste the IP addresses you want to block on the following screen, then click the Add button.

To block any other suspicious IP addresses, you desire, repeat the procedure.

That’s it. You were able to prohibit shady IP addresses from accessing your website entirely.

You can easily unblock one of these IP addresses in the future via the IP blocker app if necessary.

 

Conclusion

This post has shown you how to restrict access to your wp-login.php file based on an IP address. Contact MKMarketing now to get services for your WordPress websites and make them up to date, secure, and protected.

Like what you read? Share with your friends!

Facebook
Twitter
LinkedIn
Email
Print

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

The information presented within this guide is aimed at website owners seeking to learn the ropes of web accessibility. Technical elements are described in layman’s terms, and, as a rule, all topics pertaining to the legalities of web accessibility are presented in as simplified a manner as possible. This guide has no legal bearing, and cannot be relied on in the case of litigation.