Protecting Wordpress admin area

Mar 19, 2009

In my Wordpress admin I saw that Sergej Müller and Alex Frison had written an article about protecting Wordpress admin area in which they linked to my htpasswd generator. I have only skimmed through the article, but they give some good suggestions on how to protect your Wordpress admin from unwanted intruders such as hackers. My own simple approach is to only allow known IPs to access the wp-admin directory. Here is how I do it with .htaccess:

Order Deny,Allow
Deny from all
allow from 80.80.80.80

Just change “80.80.80.80″ to your IP. You can find your IP on my browser check page, just look for “Remote Address”.  You can ofcourse add another “allow line” to above code, if you want to use the Wordpress admin from multiple computers.

by Andreas | Categories: Wordpress, htaccess | Tagged: |
Enjoyed this article? Subscribe to the full RSS Feed

10 Responses so far | Have Your Say!

  1. PiterKokoniz
    April 8th, 2009 at 17:39 #

    Hi !! :)
    My name is Piter Kokoniz. Just want to tell, that your blog is really cool
    And want to ask you: will you continue to post in this blog in future?
    Sorry for my bad english:)
    Tnx!
    Your Piter

  2. Andreas
    April 8th, 2009 at 18:26 #

    Yeah, of course I will :-) When I write a new htaccess article or add a new generator I will make a blog post about it.

  3. Brendan
    July 28th, 2009 at 11:30 #

    Hi Sorry to put this here but your article: http://www.htaccesstools.com/articles/htaccess-redirect/ has a redirect loop in it
    the section:
    RewriteEngine on
    RewriteCond %{HTTP_HOST} mydomain.com [NC]
    RewriteRule ^(.*)$ http://www.mydomain.com/$1 [R=301,L]

    should be

    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^mydomain.com$ [NC]
    RewriteRule ^(.*)$ http://www.mydomain.com/$1 [R=301,L]

    otherwise %{HTTP_HOST} mydomain.com [NC] will match on both the http://www. and the non http://www.

  4. Brie
    March 31st, 2010 at 10:05 #

    Since I’ve discovered the command line tool ‘htpasswd’, I’ve stuck with that and never gone back. For people who work largely or exclusively via SSH, it’s a no-brainer!


    Brie

  5. Dmitry
    April 5th, 2010 at 19:38 #

    ……

    Бизнесмен из Вас отличный…

  6. jorg
    April 19th, 2010 at 01:05 #

    At last it happens!

  7. Sasha
    April 19th, 2010 at 21:51 #

    Excellent news

  8. Костя
    May 29th, 2010 at 14:59 #

    СПС.

    Я тут

  9. Сергей
    June 6th, 2010 at 14:55 #

    http://rel” rel=”nofollow”> Спасибо,…

    Хотя новость уже читал…

  10. Light
    June 7th, 2010 at 20:43 #

    http://rel” rel=”nofollow”>Даже не знаю…

    Ссылки как то странно отображаются…

Leave a Feedback

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>