How to protect wp-admin directory using htaccess

If pretty sure most of you who use Wordpress knows that there are 1 important directory and 1 important files that can be accessed by anyone (assuming that you don’t have any plugins that record, disallow them from being accessed) called wp-admin and wp-login.php. And if you’ve been wondering on how to prevent / restrict access to that directory to yourself only, perhaps this simple guide can help you with that

Here’s the code that you should be copy paste to your root .htaccess file (where wp-login.php exist). And also as a note, i didn’t put any IfModule check here, so if you get 500 Internal Server Error after putting below code to your .htaccess file that means your hosting doesn’t allow you to use mod_rewrite. But if you’re able to use custom permalink on your Wordpress site, that means mod_rewrite is enabled so you can use below code without problem ALSO this is designed for one man site only (in other words you block access from everyone else other than you to your Wordpress dashboard), so make sure to adjust it accordingly if you allowed anyone else

# Redirect wp-admin and wp-login to specified address if not from specific ip
# Btw you're free to add additional directory as you see fit
# Note: This'll break your site if you have plugins/themes that depend on accessing admin-ajax.php
RewriteCond %{REQUEST_URI} wp-login|wp-admin
RewriteCond %{REMOTE_ADDR} !^123.456.789.
RewriteRule . [R,L]

# Or .. if you prefer to return 404 Not found instead of redirecting it, use below code instead
RewriteCond %{REQUEST_URI} wp-login.php|wp-admin
RewriteCond %{REMOTE_ADDR} !^123.456.789.
RewriteRule . - [R=404,L]

As an added bonus, because most webhosting enable autoindex by default (that can allow other to browse your directory structure if you don’t have index file defined), i’d suggest you to add below code to your .htaccess too

Options -Indexes

Leave a comment


  1. faxeshtkesbf Sep 14, 2014 at 11:12 AM

    Ecco Anne Hathaway riprese di The Intern a Manhattan, e che

  2. modular kitchen,modular kitchen design,modular kitchen cabinets,Modular Kitchen India,Modular Kitchen Dealers,Modern Modular Kitchen Cabinets,Modular Kitchen Mumbai,Modular Kitchens Designs,Modular Kitchen Cabinets,Modular Kitchen Manufacturers,Kitchen De Sep 8, 2014 at 3:38 AM

    You can buy these cabinets online without leaving the comfort of your home.

    Like high school rodeo, trail riding, family vacations and retirement traveling the country.
    Our firm is With Fully Automated Machinery From Germany and

  3. Glory Sep 7, 2014 at 9:21 PM

    Magnificent beat ! I wish to apprentice while you amend your website, how
    can i subscribe for a blog web site? The account aided me a acceptable deal.
    I had been a little bit acquainted of this your broadcast provided bright clear idea

  4. Aug 31, 2014 at 11:48 PM

    Good post. I learn something new and challenging on blogs I stumbleupon on a
    daily basis. It’s always interesting to read through content from other authors and practice a little
    something from other web sites.

  5. modular Designs Aug 28, 2014 at 3:07 AM

    Elements In modular kitchen dealer – What’s Required

  6. cost of dental implant Aug 25, 2014 at 4:55 PM

    Good day! Do you know if they make any plugins to protect against hackers?
    I’m kinda paranoid about losing everything I’ve worked hard on. Any tips?

    Feel free to surf to my web blog: cost of dental implant

  7. Yolanda May 23, 2014 at 1:00 PM

    Thanks for any other great post. The place else
    could anybody get that type of information in such an ideal
    approach of writing? I have a presentation subsequent week, and I am on the
    look for such info.

    my web-site: linked here (Yolanda)

  8. Alexandria Apr 15, 2014 at 4:20 PM

    I am actually pleased to read this webpage posts which carries lots of valuable facts, thanks for providing these statistics.

  9. シューズ 人気 Nov 27, 2013 at 2:48 PM

    Hello! I could have sworn I’ve visited your blog before but after
    browsing through a few of the articles I realized it’s new to me.
    Nonetheless, I’m certainly happy I found it and I’ll
    be bookmarking it and checking back often!

    Feel free to visit my web site :: シューズ 人気

  10. 注目 ステンカラージャケット 安心 Nov 26, 2013 at 9:39 PM

    I like what you guys are usually up too. Such clever work
    and reporting! Keep up the wonderful works guys I’ve you
    guys to blogroll.

    Take a look at my blog post 注目 ステンカラージャケット 安心

  11. ラルフローレン ジャケット 推薦 Oct 29, 2013 at 10:27 PM

    Ahaa, its fastidious discussion regarding this paragraph here at this weblog, I have read all that,
    so now me also commenting here.

    Here is my blog post :: ラルフローレン ジャケット 推薦

  12. mayra veronica videos Sep 14, 2013 at 10:32 PM

    I drop a leave a response whenever I like a post on a site or I have something to valuable to
    contribute to the conversation. Usually it is caused by the fire communicated in
    the post I browsed. And on this article How to protect wp-admin directory using htaccess – Reaper-X.
    I was moved enough to drop a comment ;-) I actually
    do have a few questions for you if it’s okay. Is it only me
    or does it appear like a few of these remarks look as if they are written by brain dead people?

    :-P And, if you are posting at other sites, I’d like to keep up with you.
    Could you list the complete urls of your shared sites like
    your Facebook page, twitter feed, or linkedin profile?

  13. strength workout routines Sep 9, 2013 at 5:09 PM

    Hello There. I found your weblog the usage of msn.
    This is an extremely smartly written article. I will be sure to bookmark it and come back to read extra of your useful information.
    Thanks for the post. I’ll definitely return.

  14. branchenbuch Oct 23, 2010 at 2:33 PM

    Hello. Great job. I did not expect this on a Wednesday. This is a great story. Thanks!

  15. TheahdimeLome Aug 16, 2010 at 9:54 AM

    i’m new… hope to brief nearly more regularly!

  16. John Apr 30, 2009 at 8:35 AM

    If you have 2 or more people authoring the blog in multiple IPs, for tip #3 above, you can add multiple IPs with the htacess OR operator, for example:

    RewriteCond %{REMOTE_ADDR} !^70\.30\.200\.40|

  17. mikle Aug 26, 2008 at 7:50 PM

  18. Martin Ankerl Jan 25, 2008 at 12:09 AM

    Thanks a lot! My wordpress was recently hacked, now I have upgraded to the latest release and done all your suggestions. I hope this helps

  19. Reaper-XReaper-X Sep 5, 2007 at 2:58 PM

  20. Jonathan Sep 5, 2007 at 3:24 AM

    Nice! A lot of useful tips here. And thanks for the link to the AskApache plugin.


  1. THE Ultimate Htaccess
  2. 'How To Guide' for securing WordPress and protecting websites. | MileHighTechGuy > Productivity Tools & Technology
  3. 26个用于Wordpress的 .htaccess 规则 - 候鸟博客
  4. New Plugin: Integrity for WordPress ↔ BraveNewCode Inc.
  5. ‘How To Guide’ for securing WordPress and protecting websites. | MileHighTechGuy
  6. How to Improve WordPress Security | Interconnect IT - WordPress Consultants, Web Development and Web Design
  7. A to Z of WordPress .htaccess Hacks |
  8. Ultimate .htaccess file Examples
  9. Installing a LAMP Server, with Wordpress, on Slicehost (and maybe elsewhere) « A Life of Constant Flux
  10. Installing a LAMP Server on Slicehost (and maybe elsewhere) « A Life of Constant Flux
  11. Reading list, Virtual online worlds and MMOGs
  12. My favorite WordPress Resources |

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>