Last Updated on July 28, 2023 by Mike Kipruto
To apply IP access restriction you can make use of the following .htaccess directive which uses mod_rewrite to control access to the “wp-admin” and “wp-login.php” directories based on the client’s IP address.
<IfModule mod_rewrite.c>
RewriteEngine On
# Allow access to wp-admin and wp-login.php from the specified IP range
RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php) [NC]
RewriteRule ^ - [F]
</IfModule>
This directive will deny access to “wp-admin” and “wp-login.php” for all IP addresses except those in the “1.2.3.0/16” range.
Any requests to “wp-admin” and “wp-login.php” not coming from the IP range specified will result in a 403 Forbidden response.
As always, make sure to have a backup of your .htaccess file and test the rules to ensure they work as expected for your specific server setup.
Leave a Reply