Already we have solidified login to WordPress, some interface tools, and the server. Let's fill some gaps by restricting access and protecting specific web directories.
Apache offers a sure-fire way to lock down admin, care of the
Similar to cPanel's IP Deny Manager, the greater flexibility of hand-coding empowers us to allow or deny all but specified IP addresses, domains, hosts, and networks.
For now, we'll prevent access to the
wp-admin directory pages for all IPs except yours.
htaccess file in your
wp-admin directory via your control panel or the terminal:
Add these lines, swapping the IP for yours:
order deny,allow deny from all allow from ...