Restrict Access to the WordPress Admin Dashboard Based on IP Address

The Admin Dashboard is one of the weakest links when it comes to securing WordPress. One way of securing the WordPress dashboard is using .htaccess to whitelist any IPs that you want to have access, and blocking everyone else. This method is quick and easy, and it works well because attackers can’t attack what they can’t see.

Here are two different ways to use .htaccess to block access to the WordPress Admin Dashboard based on IP address.

Method 1 – Return a 403 (Permission Denied) error

1. Create (or edit) an .htaccess file in the root WordPress directory.

2. Add the following code:

Be sure to replace ###.###.###.### with your IP address. Add another “RewriteCond %{REMOTE_ADDR} !=###.###.###.###” line for each additional IP that you want to have access.

Anyone whose IP is not whitelisted will receive a 403 (permission denied) error.

Method 2 – Redirect to Another URL

1. Create (or edit) an .htaccess file in the root WordPress directory.

2. Add the following code:

Replace ###.###.###.### with your IP address. Add another “RewriteCond %{REMOTE_ADDR} !=###.###.###.###” line for each additional IP that you want to have access.

A Final Word

These methods work well if you have a static IP address or if you connect through a VPN or proxy with a static IP. If you don’t have a static IP or if you have multiple people that need access to the WordPress Admin Dashboard then you might want to consider a different approach.

Leave a Reply

Your email address will not be published. Required fields are marked *

×Mike Everhart

Need Some More Help? Let's Talk!

I'd love to work with you! Fill out the form below to schedule a free consultation to discuss your needs and how I can help.

Need More Help?