I'm pretty sure most of you who use WordPress know that there is one important directory and one important file that can be accessed by anyone (assuming that you don't have any plugins that record or disallow access to them): wp-admin and wp-login.php. If you've been wondering how to restrict access to them to yourself only, perhaps this simple guide can help you with that.
Here's the code that you should copy and paste into your root .htaccess file (where wp-login.php exists). As a note, I didn't put any IfModule check here, so if you get a 500 Internal Server Error after adding the code below to your .htaccess file, that means your hosting doesn't allow you to use mod_rewrite. But if you're able to use custom permalinks on your WordPress site, mod_rewrite is enabled, so you can use the code below without problems. Also, this is designed for one-man sites only (in other words, you block access to your WordPress dashboard for everyone other than you), so make sure to adjust it accordingly if you allow anyone else in.
# Redirect wp-admin and wp-login to specified address if not from specific ip
# Btw you're free to add additional directory as you see fit
# Note: This'll break your site if you have plugins/themes that depend on accessing admin-ajax.php
# 123.456.789. is a placeholder: put the first three octets of your own IP here
# and keep the dots escaped, otherwise each one matches any character
RewriteEngine On
RewriteCond %{REQUEST_URI} wp-login|wp-admin
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.
RewriteRule . http://www.domain.com/ [R,L]
# Or .. if you prefer to return 404 Not found instead of redirecting it, use below code instead
RewriteEngine On
RewriteCond %{REQUEST_URI} wp-login\.php|wp-admin
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.
RewriteRule . - [R=404,L]
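To check that a REMOTE_ADDR pattern like the ones above admits exactly the addresses you intend, you can enumerate a range and test every address against it. This is an added example, not code from the original post; it assumes Python's `re` treats these simple patterns the same way Apache's regex engine does, and the 10.1.x.x addresses and function names are constructed for illustration.

```python
import ipaddress
import re


def admitted(pattern, probe_net):
    """Addresses in probe_net that a `RewriteCond %{REMOTE_ADDR} !pattern`
    allowlist lets through, i.e. those the regex matches (a search, so the
    pattern is only tied to the start or end where it carries ^ or $)."""
    rx = re.compile(pattern)
    return [ip for ip in ipaddress.ip_network(probe_net) if rx.search(str(ip))]


def unintended(pattern, intended_net, probe_net):
    """Admitted addresses that lie outside the range the admin meant to allow."""
    intended = ipaddress.ip_network(intended_net)
    return [ip for ip in admitted(pattern, probe_net) if ip not in intended]


def locked_out(pattern, intended_net):
    """Intended addresses the pattern fails to match (the admin is blocked too)."""
    rx = re.compile(pattern)
    return [ip for ip in ipaddress.ip_network(intended_net) if not rx.search(str(ip))]


# Constructed cases (private address space, not taken from the page):
# (label, pattern, intended range, range to probe)
CASES = [
    ("prefix, dots unescaped", r"^10.1.2.", "10.1.2.0/24", "10.1.0.0/16"),
    ("prefix, escaped + anchored", r"^10\.1\.2\.\d{1,3}$", "10.1.2.0/24", "10.1.0.0/16"),
    ("single host, no end anchor", r"^10\.1\.2\.4", "10.1.2.4/32", "10.1.2.0/24"),
    ("single host, anchored", r"^10\.1\.2\.4$", "10.1.2.4/32", "10.1.2.0/24"),
]

if __name__ == "__main__":
    for label, pattern, intended, probe in CASES:
        extra = unintended(pattern, intended, probe)
        missing = locked_out(pattern, intended)
        sample = ", ".join(str(ip) for ip in extra[:3]) or "-"
        print(f"{label:28} extra={len(extra):5} locked_out={len(missing)} e.g. {sample}")
```

With unescaped dots the /24 prefix also admits 10.1.20.x through 10.1.29.x and 10.1.200.x through 10.1.255.x, and a single-host pattern without `$` also admits .40 through .49.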
As an added bonus, because most web hosts enable autoindex by default (which lets others browse your directory structure if you don't have an index file defined), I'd suggest you add the code below to your .htaccess too.
Options -Indexes
branchenbuch steele-online.de/Medien-und-Werbung.html Oct 23, 2010 at 2:33 PM
Hello. Great job. I did not expect this on a Wednesday. This is a great story. Thanks!
TheahdimeLome Aug 16, 2010 at 9:54 AM
i’m new… hope to brief nearly more regularly!
John google.com/profiles/john.greer.tx Apr 30, 2009 at 8:35 AM
If you have 2 or more people authoring the blog from multiple IPs, for tip #3 above, you can add multiple IPs with the htaccess OR operator, for example:
RewriteCond %{REMOTE_ADDR} !^(70\.30\.200\.40|200\.180\.20\.250)$
Martin Ankerl martin.ankerl.com Jan 25, 2008 at 12:09 AM
Thanks a lot! My WordPress was recently hacked, now I have upgraded to the latest release and done all your suggestions. I hope this helps.
Thanks Jonathan :)
Jonathan jonlandrum.com/ Sep 5, 2007 at 3:24 AM
Nice! A lot of useful tips here. And thanks for the link to the AskApache plugin.