This section explains how to limit the computers that can log in to the WordPress admin screen by IP.


Limit the IPs that can log in to the WordPress admin panel.

An IP is like an address assigned to every computer connected to the Internet.
Therefore, by limiting the IPs that can log in to the WordPress administration screen, it is possible to greatly increase security by allowing only certain computers to log in.

Step 1: Find out the IP of your computer.

First, find out the IP of your computer.
You can find out the IP by using a site like this one.

Step 2: Create an HTACCESS file

In a text editor, write the following and save it under the name a.htaccess.

Order deny,allow
deny from all
allow from 202.241.222.222
allow from 192.168.222.222

Order allow,deny
Allow from all
Satisfy any


Order allow,deny
Allow from all
Satisfy any

202.241.222.222 and 192.168.222.222 are IP addresses you want to allow connections from. (If there is only one IP address, you only need to write one line.)

The two lines “Order deny,allow deny from all” means that only the IPs listed below will be allowed to connect.

The lines admin-ajax.php, *.css, etc. are to allow only the communication behind WordPress and the loading of stylesheets, as they may affect the display part of the site.

Step 3 Upload the HTACCESS file with FTP software

Connect to the site’s server with your FTP software and place the above a.htaccess file in the wp-admin folder. This will apply IP address-based connection restrictions to the wp-admin folder, which contains the WordPress administration functions.

Finally, rename a.htaccess to .htaccess and turn it into an executable configuration file.

Notes on IP Address Restrictions

Many providers change the IP address of your PC connection frequently.
For this reason, please be aware that if you are not connected to the Internet with a fixed IP, you will not be able to access the management screen if your IP changes when you follow the above procedure.

To improve WordPress security and to check for malware and vulnerabilities, please try the following plug-ins.
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal]

Related Posts:

  1. What to do when a WordPress site displays a red screen saying “This site may cause damage to your computer.
    This section explains how site operators can deal with a red screen on a WordPress site that says “This site may cause damage to your computer....
  2. WordPress HTACCESS has been tampered with and access to the admin panel is no longer possible
    Recently, a type of malware has become popular in which a WordPress site is tampered with, and although the site can be displayed without problems, the administrator screen cannot be accessed. We will explain how to deal with this case....
  3. How can I increase the security of the WordPress login screen?
    We will explain how to increase the security of the WordPress login screen in order of importance....
  4. Cases in which malware (virus infection, tampering) prevents logging in to the management screen
    There have been an increasing number of cases where a hacker has embedded a number of malicious HTACCESS files in a site, making it impossible to log in to the administration screen. This case study will be explained in this issue....
  5. WordPress SiteGuard plugin may erase HTACCESS or cut off the setting in the middle.
    We have received several inquiries from WordPress Doctor customers about cases of HTACCESS disappearing, settings being cut off in the middle, and 500 errors....
  6. How Hackers Discover Your WordPress Site Dork
    It is dangerous to run a WordPress site and think that it will not be targeted because of low traffic. We will explain why low traffic does not necessarily mean that your site will not be hacked....