WordPress All-in-One For Dummies
Book image
Explore Book Buy On Amazon
One option you have is to limit access to the Dashboard to specific Internet Protocols only. You also hear this method referred to as allowlisting (allowing) access, which compliments your blocklisting (disallowing) solutions you have put in place.

Everything that touches the Internet, such as your computer, a website, or a server network, has what is known as an Internet Protocol (IP) address. An IP on your computer is like your home address; it uniquely identifies you so the Internet knows where your computer is located, physically.

An example of what an IP looks like is 12.345.67.89 — it’s a series of numbers that uniquely identifies the physical location of a computer or network.

You can edit the .htaccess file on your web server so that only IPs that you approve can access your Admin Dashboard, which blocks everyone else from having Dashboard access.

The lines of code that define the access rules get added to the .htaccess file located in on your web server where WordPress is installed, in a folder called /wp-admin. Download that file to your computer via FTP and open it using a text editor, such as Notepad (PC) or TextMate (Mac), and add the following lines to it:

order allow,deny
deny from all
allow from 12.345.67.89
In this example, the order defines what comes first. An IP that follows the allow rules is given access; any IP that doesn’t follow the allow rules is denied access. In this example, only the IP 12.345.67.89 can access the Admin Dashboard; all other IPs are denied.

If the /wp-admin folder in your WordPress installation doesn’t contain a file called .htaccess, you can easily create one using your FTP program by opening the /wp-admin folder and then right click with your mouse and select New File. Give that new file the name: .htaccess and make sure the new rules from the previous section are added.

Limiting access via IP does involve the following potential negatives:
  • This technique works only with static Internet Protocols. A dynamic Internet Protocol constantly changes.

  • The ability to use .htaccess is highly dependent on a web server that is running Apache. It won’t do you any good if your web server is Windows based or IIS, or if you’re using the latest NGINX web server.

  • Your Apache web server needs to be configured to allow directives to be defined by .htaccess files. Ask your web host about configuration.

About This Article

This article is from the book:

About the book author:

LisaSabin-Wilson co-owns WebDevStudios, a development company specializing in custom WordPress plugins, themes, and deployments. She's also a popular conference speaker. Find her blog at lisasabin-wilson.com, and follow @lisasabinwilson on Twitter.

This article can be found in the category: