Nov 07

WordPress – Restrict Login by IP

Enable the use of HTACCESS overrides:

sudo nano -w /etc/apache2/sites-available/xxx.conf

Add this line:
AllowOverride All


If you have a static IP and want to restrict access, a simple way is to lock down access to the wp-login.php file using .htaccess to control:

<files wp-login.php>
order deny,allow
deny from all
# whitelist Your First IP address
allow from
# whitelist Your Second IP address
allow from
#whitelist a /24 subnet ( /24 example)
allow from


Multiple Files Example:

<FilesMatch "index\.php|index\.html">
 Order deny,allow
 Deny from all
 Allow from x.x.x.x
 Allow from