Comments on: Restrict WordPress Admin Access by IP Address

By: Yasir Imran

Yasir Imran — Sun, 30 Dec 2012 08:22:04 +0000

Quite useful regarding security. I recently encountered few attacks on my wp site and I am looking for a good solution.

By: Leland

Leland — Sat, 20 Feb 2010 22:20:55 +0000

Glad to hear it’s working out for you.

By: Leland

Leland — Sat, 20 Feb 2010 22:19:48 +0000

Maybe, but you'd need to integrate it with a geo IP-to-location database which might be a little overkill for something like this. If you login from a lot of places/IPs you might want to look into something like Login Lockdown.

By: Elizabeth Richardson

Elizabeth Richardson — Sat, 20 Feb 2010 22:12:02 +0000

After leaving this system in place for a couple months now, I’ve now been able to relax. I does seem to work as I had been hacked multiple times before too.

I use an ip range instead of a specific ip in my .htaccess and it works fantastic. Thank you so much.

By: Mishra

Mishra — Fri, 19 Feb 2010 17:10:41 +0000

Thanks for the info
I was very frustrated with my blog got hacked fourth time.
I wanted to be 100% sure to stop all bot attracts.
in last few days I tried many plugins including askapache but it is not working fine because of some problem with my hosting.

Finally I got a custom solution, I put an .htaccess file in wp-admin folder and IP locked it to open only with my IP range. and it works. Now no bot can try to check out my options and setting files. Unless the bot is in my PC itself.

: )

Regards

By: Gary LaPointe

Gary LaPointe — Fri, 11 Dec 2009 01:45:06 +0000

But I access my site from all sorts of places, including my cellphone.

What I’d really like is to restrict everywhere outside of North America and that would probably cut down on a lot of hacking wouldn’t it?

Yes, it’s still open but a lot less wide than it was previously.

Anyone try anything like this?

By: Leland

Leland — Mon, 07 Dec 2009 11:36:50 +0000

That sounds like it could be pretty effective. Especially if you login at a lot of different locations with different IP addresses, it may not be practical to add a .htaccess rule for each one.

And glad you like the design!

By: joshua strebel

joshua strebel — Sun, 06 Dec 2009 20:20:01 +0000

The login lockdown plugin is also nice. Limits and then bans failed login attempts. Kind of like IPtables for wp.
http://wordpress.org/extend/plugins/login-lockdown/

We added it to our pre-install for page.ly customers so it will be activated be default after signup.

PS.. love the new themelab.com design.

By: Leland

Leland — Thu, 03 Dec 2009 14:34:46 +0000

@Elizabeth: No problem! Let me know how it works out for you.

By: Elizabeth

Elizabeth — Tue, 01 Dec 2009 08:46:16 +0000

Thanks so much for this.

I’ve been experiencing exploit attempts on several of my wordpress websites and have been using ht.access to block the individual IP’s. But this seems much more effective. Hope it works well.

Thanks Leland.