Filter by Internet Protocol (IP) Address to Limit Access to the WordPress Dashboard
One option you have is to limit access to the Dashboard to specific Internet Protocols only. You also hear this method referred to as whitelisting (allowing) access, which compliments your blacklisting (disallowing) solutions you have put in place.
Everything that touches the Internet, such as your computer, a website, or a server network, has what is known as an Internet Protocol (IP) address. An IP on your computer is like your home address; it uniquely identifies you so the Internet knows where your computer is located, physically.
An example of what an IP looks like is 12.345.67.89 — it’s a series of numbers that uniquely identifies the physical location of a computer or network.
The lines of code that define the access rules get added to the .htaccess file located in on your web server where WordPress is installed, in a folder called /wp-admin. Download that file to your computer via FTP and open it using a text editor, such as Notepad (PC) or TextMate (Mac), and add the following lines to it:
order allow,deny deny from all allow from 12.345.67.89
In this example, the order defines what comes first. An IP that follows the allow rules is given access; any IP that doesn’t follow the allow rules is denied access. In this example, only the IP 12.345.67.89 can access the Admin Dashboard; all other IPs are denied.
If the /wp-admin folder in your WordPress installation doesn’t contain a file called .htaccess, you can easily create one using your FTP program by opening the /wp-admin folder and then right click with your mouse and select New File. Give that new file the name: .htaccess and make sure the new rules from the previous section are added.
Limiting access via IP does involve the following potential negatives:
This technique works only with static Internet Protocols. A dynamic Internet Protocol constantly changes.
The ability to use .htaccess is highly dependent on a web server that is running Apache. It won’t do you any good if your web server is Windows based or IIS, or if you’re using the latest NGINX web server.