3 Ways To Limit Access To wp-login.php by IP

Your WordPress login page is quite attractive to hackers. If they somehow get through your defenses through brute force attacks, you are in trouble. I know many WordPress users who do not take the time to protect the wp-login.php file on their website. Here are 3 simple ways to do that:

Limit Login Attempts Plugins: these plugins limit the number of times someone can get a username/password pair wrong. They alert you when your site is under attack and ban abusive IPs.


Use .htaccess: if you are using Apache as your main web server, you could use your .htaccess file to harden WordPress. A short access rule there protects your wp-login.php file by IP. You should add it to the .htaccess file in your root directory. Make sure to test it out to see if it works as it should.
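As an added example (not code from the original post), a root .htaccess rule that limits wp-login.php to an allowlist might look like this. The IP addresses are placeholders from the documentation ranges, and the block assumes .htaccess overrides are enabled for the site.

```apache
# Added example: restrict wp-login.php to an IP allowlist (root .htaccess).
# 203.0.113.10 and 198.51.100.0/24 are placeholder addresses from the
# documentation ranges; replace them with your own static address(es).
# Assumption: AllowOverride permits AuthConfig (2.4) / Limit (2.2) here.

<Files "wp-login.php">
    # Apache 2.4+: mod_authz_core is present.
    # Several Require lines are OR-ed: any matching address is allowed,
    # every other client receives 403 Forbidden.
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.10
        Require ip 198.51.100.0/24
    </IfModule>

    # Apache 2.2: no mod_authz_core, fall back to the older directives.
    # "Order deny,allow" evaluates Deny first, then lets Allow override it.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
        Allow from 198.51.100.0/24
    </IfModule>
</Files>
```

A request for /wp-login.php from an address outside the list should return 403 Forbidden, which is the quickest way to test the rule. If the site sits behind a CDN or reverse proxy, Apache sees the proxy's address unless mod_remoteip is configured, so the allowlist has to account for that.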

Use Nginx: many top WordPress blogs use Nginx as their web server. That means you won’t be able to use the .htaccess code mentioned above to protect your login page. The good news is that the job is still easy to do. I would add the Nginx version of the rule to my vhost configuration files or WordPress.conf (depending on how you have set up Nginx).

These won’t make your website hack-proof but they do keep brute force attackers from messing with your wp-login.php page. You could and should implement this for your wp-admin directory too.

Any questions or problems? Please add them below.
