How to Apply IP Access Restriction In WordPress via .htaccess

Last Updated on July 28, 2023 by Mike Kipruto

To apply IP access restriction you can make use of the following .htaccess directive which uses mod_rewrite to control access to the “wp-admin” and “wp-login.php” directories based on the client’s IP address.

<IfModule mod_rewrite.c>
  RewriteEngine On

  # Allow access to wp-admin and wp-login.php from the specified IP range
  RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.
  RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php) [NC]
  RewriteRule ^ - [F]


This directive will deny access to “wp-admin” and “wp-login.php” for all IP addresses except those in the “” range.

Any requests to wp-admin” and “wp-login.php” not coming from the IP range specified will result in a 403 Forbidden response.

As always, make sure to have a backup of your .htaccess file and test the rules to ensure they work as expected for your specific server setup.


Leave a Reply

Your email address will not be published. Required fields are marked *