How To I.P. Protect Your WordPress Admin Section

One way to protect the backend of your blog or content management system is to prevent access to it by people who don’t need to be back there. Yes, you have the login verification page, however, in this day and age of the internet that should not be your only line of defense against h4x0rs. Another secure way of preventing people from getting to your admin pages is to allow access to only approved I.P addresses.

An I.P. address is like a house number for your computer. Every person that logs onto the computer is assigned an I.P. address by their internet service provider. Some providers, such as Comcast, give each of their accounts a static unique number while others, such as AOL, make their users share a block of I.P. addresses. This method works best if you have a static I.P. address, although you can update the file with your new address if you are stuck with provider that uses dynamic ones.

You must also have Apache installed on your server.

1. Go to or to get your I.P. address.

2. Create an .htaccess file and insert the following code

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_URI} !/index.php$
RewriteCond %{REMOTE_HOST} !^xx\.xx\.xxx\.xx
RewriteRule $ /index.php [R=302,L]

Line four is where you enter in your I.P. address. Just replaces the x’s with your number and make sure the slashes stay where they are before the period otherwise you’ll get an error.

Lines three and five tell the server the page where you want people to be redirected to. In this example, this code will redirect people who try to access the admin section to the main page of the site.

3. Drop the .htaccess file into the same folder where you admin files are located.

4. Test by changing the I.P. address to something different than your own and then try to access your admin pages. You should be bounced back to your home page. Just be sure when you are done testing to change the I.P. address to the correct one.

Good luck and safe blogging