Menu
Disclosure: ULTIDA's content is free & reader-supported. We may earn a commission if you click & buy through our links. Your support helps us create the best content & make a difference.
Tutorials

How To Restrict WordPress Admin Access By IP Address

restrict wordpress admin access by ip address

Are you looking for a guide to learn how to restrict WordPress admin access by IP address?

I’m excited to teach you how to make it happen as a WP web developer (with 15+ years of experience).

You might ask yourself, WHY would I ever restrict it? I’ve never had any problems with hacks so I am sure my website is safe.

I feel you because I thought the same when I first started in the WordPress space.

But is it really?

Why Is Restricting WordPress Admin Important?

When I was developing WordPress themes for PremiumCoding, the DDoS attacks were common and we even had a hack through the WordPress login form.

While the situation improved in the years with better security in WordPress, themes, and plugins, it still DOESN’T hurt to add that extra layer of security.

Just so you’ll sleep better and not worry about hackers trying to bring down your WordPress website.

Which, by the way, sucks big times in case it happens.

And hacks can be very damaging even if you don’t have an eCommerce website.

Hacks can destroy your online business

Intruders can steal your data or distribute malware and phishing scripts to your website which will then take advantage of your visitors.

Attention: Your domain can even get blacklisted because of that!

And that can destroy your website’s reputation and plunges your organic visits down to ABSOLUTE zero.

If your team is not big, the easiest thing you can do is simply restrict the access by IP addresses.

This allows only your writing team members to login into your WordPress administration panel (and make backend changes they want).

Even if a hacker knows your username and password, there is no way he can hack the website.

They will get the error message: “Forbidden. You don’t have permission to access this resource.”

How To Restrict WordPress Admin By IP

You will HAVE to gather all the IP addresses of your writers, employees, and anyone else that needs access to the administration panel of your website.

The only problem you might run into is if one of them has a dynamic IP.

Or if he/she moves a lot as you would have to change the IP address each time.

How to find IP

They can learn their IP by simply writing into Google search: “What is my IP”.

You can limit the IP access by editing the .htaccess file on your website. (Ensure you first make a backup in case you do any edits.)

But, you need an FTP client for that, and editing this important file can sometimes lead to SERIOUS issues (if you aren’t 100% sure what you’re doing).

That’s why I recommend using a plugin for this task.

It’s much easier and safer.

Plus, very beginner-friendly.

Install and activate Login IP & Country Restriction plugin.

Please refer to our tutorial if you are not yet familiar with WordPress plugin installation.

Using Login IP & Country Restriction WordPress plugin

After you successfully install and activate the plugin go to its settings.

using login ip and country restriction wordpress plugin

You will notice that you can limit the IP by country, too.

For instance, we had a lot of attacks from India (on PremiumCoding) at one point, so we just restricted all visitors from there to prevent further attacks.

To restrict certain IP addresses click on the IP restriction tab.

You will notice that you have two options.

You can either ALLOW specific IPs or BLOCK them.

Both options can be useful if you know how to use them. (It’s easy!)

restrict wordpress admin access by ip

To restrict every IP address, but the select few, simply add all your team members’ IPs to the Allow specific IPs field.

On the other hand, if you are only having issues with a few ANNOYING hackers and you can see their IPs, you can block them here.

Limit IP access by country

Restricting by country can be useful if you are seeing attacks only from specific parts of the world.

restrict wordpress admin access by country ip

Or if you have a local business, you can block the rest of the world as you don’t really need visits from there.

If that is the case it’s much faster to disable certain countries and forget about suspicious activity altogether.

AND you’re done.

Your website is now much safer and you don’t have to worry about hackers trying to get through your WordPress administration login.

No Comments

    Leave a Reply