How To Restrict Access To WP-Admin For Preventing Malicious Attacks?

While the internet is a great platform for establishing an impressive online identity it also brings a lot of perils. Some time ago, people have witnessed one of the biggest DDos attacks in the history of internet. We also heard about the WordPress website being targeted by the hackers. These things bring about insecurity in the minds of many website owners who run their websites with the WordPress CMS.

WordPress is one of the most popular content management systems that is used for website / blog creation. Approximately, 17% of the websites are powered by WordPress today. This has offered a greater platform for the people with bad intentions to plan activities like DDoS attacks and website hacking. How can you safeguard your WordPress website against the hackers trying to crack into your WordPress login credentials?

There are many ways in order to strengthen the security of your WordPress website. Here is an insight on the most crucial ways:

You can use a plugin known as ‘Limit Login Attempts’ that limits the number of login attempts made to your website. This plugin enables you to set a maximum limit of failed login attempts from any particular IP and intimates you about the failed attempts. In this way you are well aware about any malicious activity that might occurs on your website in the future.

Another method of eliminating the unauthorized access is by limiting the login access altogether. This can be done by ‘White listing’ certain IP addresses that are known to you and blocking all the other IP addresses.

Here are the steps that you need to follow:

Step 1 : Go to the root of the WordPress installation on the server and locate a folder named – ‘wp-content’

Step 2 : Edit the .htaccess file by adding the commands mentioned below:

<Directory /wp-admin >
<files wp-login.php>
AllowOverride None
order deny,allow
# whitelist
allow from xx.xx.xx.xx (IP 1)
allow from xx.xx.xx.xx (IP 2)
allow from xx.xx.xx.xx (IP 3)
deny from all
</files>
</Directory>

Note : Remove the IP1, IP2 and IP3 from the code. In the similar way, you can add as many IP addresses as you want.

This is a small step that proves to be extremely beneficial in terms of the security of your WordPress website. With the help of this small amendment, only the authorized IP addresses will be able to access the WP-Admin page.


  • 45 Users Found This Useful
這篇文章有幫助嗎?

相關文章

Can I use my domain name or must I use my IP address as the hostname for FTP?

Using your IP address (192.168.22.22  is an example IP address) is the preferred entry for...

Can you transfer my sites from my current host to my new VPS?

Yes. We will transfer all of your sites free* of charge and will assure that you experience no or...

Do you allow MP3 files? Do you allow streaming of videos?

Yes we do with our special plans at http://hostripples.in/avs-hosting.php

Do you support Cold Fusion?

We do not support or Cold Fusion on our shared hosting servers, however you are more than welcome...