

Protecting your wp-admin directory




Here is a simple security tip for our wonderful WordPress fans. We hope you find it useful!

One of the most basic ways to keep your WordPress administrative area safe, without having to manage yet another widget, is to place an .htaccess file in the wp-admin directory. Please note this is not meant to replace any fancy widgets that may do the same job. Some of those tend to get out of date. This approach requires some technical knowledge, but once you get the hang of it, you may never need a wp-admin widget.

NOTE: This is fairly advanced for some people, so if you need help with it, you may need to ask a web developer. You will have to know how to obtain your IP address. Once you are logged in to cPanel, you can see it under the "last logged in from" area on the left-hand side of the control panel.

Steps:

  1. A fast way to create the file is to go to the control panel (cPanel), for example: http://cpanel.yourdomain
  2. Within File Manager, make your way to the wp-admin folder.
  3. Create a new file called .htaccess
  4. Edit the file so it contains the information below (copy and paste everything from #START OF CODE to #END OF CODE, replacing 000.000.000.000 with your own IP addresses) and save it:


#START OF CODE

order deny,allow
deny from all
# whitelist home IP address
allow from 000.000.000.000
# whitelist work IP address
allow from 000.000.000.000

#END OF CODE

Important notes:

  • Not everyone has a "static IP", but nowadays your IP may not change for a very long time! If it ever does, you may not be able to get to your administrative area in WordPress until you update the file with the new IP. But never fear: obtain the newly assigned IP from your provider via whatever means you are comfortable with (which is outside the scope of this article!), then modify the file via cPanel with the new IP. Again, this solution is a simple one, not something meant to replace any other type of widget.
  • If you have a static IP assigned to you by your ISP, then this fix is a great one for you!
  • Adding a work IP is helpful if you work from two different locations.
  • The htaccess information above blocks everyone except the IPs you specifically allow.
  • For more advanced htaccess techniques, it is best to search for them with your favorite search engine.
  • This simple fix can dramatically reduce the problem of hackers trying to get into your admin account all day long, 24x7. Trust us, they try all the time! Once you remove the ability for them to poke around, they pretty much leave you alone and move on to easier "prey".
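
The rules above use the Order/Deny/Allow directives from Apache 2.2, which Apache 2.4 only accepts through its compatibility module (mod_access_compat). The following is an added example, not part of the original article, that applies the same allow list on either version. The addresses 203.0.113.10 and 198.51.100.20 are placeholders, and the admin-ajax.php exception assumes a theme or plugin on your public site calls that file.

```apache
# wp-admin/.htaccess -- added example, not the article's own code.
# 203.0.113.10 and 198.51.100.20 are placeholder addresses: use your own.

<IfModule mod_authz_core.c>
    # Apache 2.4 and later: anyone not matched by a Require line is refused
    # whitelist home IP address
    Require ip 203.0.113.10
    # whitelist work IP address
    Require ip 198.51.100.20
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2: the same rules as the article's snippet
    Order deny,allow
    Deny from all
    # whitelist home IP address
    Allow from 203.0.113.10
    # whitelist work IP address
    Allow from 198.51.100.20
</IfModule>

# Optional. Assumption: visitors' browsers need wp-admin/admin-ajax.php
# because a theme or plugin uses it on the public site. Remove this
# section if nothing on your site does.
<Files "admin-ajax.php">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Files>
```

After saving, load /wp-admin/ from an allowed address and from any other connection (a phone on mobile data, for example); the second request should get a 403 Forbidden response.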


Note: Please contact us if you wish to add information to this article. Thank you!
