»

Nov 07

WordPress – Restrict Login by IP

Enable the use of HTACCESS overrides:

sudo nano -w /etc/apache2/sites-available/xxx.conf

Add this line:
AllowOverride All

-----

If you have a static IP and want to restrict access, a simple way is to lock down access to the wp-login.php file using .htaccess to control:

<files wp-login.php>
order deny,allow
deny from all
# whitelist Your First IP address
allow from xxx.xxx.xxx.xxx
# whitelist Your Second IP address
allow from xxx.xxx.xxx.xxx
#whitelist a /24 subnet (10.1.1.0 /24 example)
allow from 10.1.1.0/24
</files>

—–

Multiple Files Example:

<FilesMatch "index\.php|index\.html">
 Order deny,allow
 Deny from all
 Allow from x.x.x.x
 Allow from 10.1.0.0/24
</FilesMatch>