As we mentioned while using WordPress 2.8.3, our site was hacked in an attempt to hack our WP-Admin folder. Fortunately, WordPress found the bug and released a security patch on WordPress 2.8.4, but this attack caused us to take additional security measures with our site. We have limited access to our wp-admin folder using .htaccess and assigning specific IPs that can access it. Before a hacker kept resetting our password and that was because they could see our wp-admin folder and see the login bar. Now only WPBeginner publishers can see our admin panel. In this article, we will show you how you can limit access to the wp-admin folder by IP address using the .htaccess file.
First you need to open your .htaccess file located in your /wp-admin/ folder and make a backup of it.
Note: Do not edit your Root .htaccess file, do not paste these codes there. It should be /wp-admin/.htaccess if you don't see that file, create a blank file, name it .htaccess in your wp-admin folder.
Then paste the following code:
AuthUserFile / dev / null AuthGroupFile / dev / null AuthName "WordPress Admin Access Control" AuthType Basic denegar, permitir denegar de todas # la dirección IP de Syed permitir desde xx.xx.xx.xxx # whitelist la dirección IP de David permitir desde xx.xx .xx.xxx # lista de direcciones IP de Amanda permite desde xx.xx.xx.xxx # lista de direcciones IP de Muhammad permite desde xx.xx.xx.xxx # lista de direcciones IP de trabajo permite desde xx.xx.xx.xxx
Paste your IP address and upload the file.
Now, if you have more than one IP, be sure to include them there. For example, Work, Home, Vacation IP, if you ever use it. Every time you want to visit your wp admin panel from another location, you will have to add an additional IP address. That's the only downside to this hack, but it will keep your wp-admin folder safe.
