O'Reilly logo

WordPress 3 Ultimate Security by Olly Connelly

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Apache modules

Already we have solidified login to WordPress, some interface tools, and the server. Let's fill some gaps by restricting access and protecting specific web directories.

IP deny with mod_access

Apache offers a sure-fire way to lock down admin, care of the mod_access module.

Similar to cPanel's IP Deny Manager, the greater flexibility of hand-coding empowers us to allow or deny all but specified IP addresses, domains, hosts, and networks.

For now, we'll prevent access to the wp-admin directory pages for all IPs except yours.

Open an htaccess file in your wp-admin directory via your control panel or the terminal:

nano /path/to/WP-root/wp-admin/.htaccess

Add these lines, swapping the IP for yours:

order deny,allow deny from all allow from ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required