Did you know? wp-login.php is a soft target for brute-force attacks. This file is responsible for authenticating the user and allowing access to the WordPress Dashboard.
According to research, most WordPress hacking attempts are performed by automated bots. These malicious bots try to break into WordPress using the brute-force method. Hence, improving the security of the WordPress Admin area is crucial.
You can limit access to wp-login.php to a specific IP range. I won't cover the common static IP method here; you can search for it on Google. This method is especially for those who are on a dynamic IP address, for example AirTel or Reliance Jio users.
Required for this tutorial
- Access to .htaccess file
- Basic knowledge of editing .htaccess file and IP address
This involves two major steps. Let's go through them step by step.
Step 1. Find your IP range
- Go to https://check-host.net/?lang=en
- Click on IP address
- In the table row ‘IP range’
- Click on CIDR
- Copy all CIDR notations. Example: 188.8.131.52/24
Step 2. Configure your .htaccess file to limit access by IP
- Log in to File Manager
- Go to your WordPress application's public_html directory
- Edit the .htaccess file
- Add the rules below and save changes.
# Allow Access to wp-login.php file from following IP address range
<Files "wp-login.php">
Order deny,allow
Deny from all
Allow from 184.108.40.206/24
Allow from 220.127.116.11/23
Allow from 18.104.22.168/22
Allow from 22.214.171.124/20
</Files>
A quick tip
You can also edit the .htaccess file using the Yoast SEO plugin's Tools option. First, you may need to enable it.
- Go to Yoast SEO > Dashboard > Features > Enable Advanced settings pages > Save changes
- Now you will see a list of a few more options. (Ref: Screenshot)
- Go to Tools > File Editor > .htaccess
Note: Make sure to replace the CIDR notations with those for your own IP address. [Ref: Step 1]
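A way to check the rules from Step 2 before relying on them, as an added example that is not part of the original tutorial: it parses the wp-login.php block and reports whether a given address falls inside one of the allowed ranges. The function names and the test addresses are assumptions made for illustration; the sample rules are the ones shown in Step 2.

```python
import ipaddress
import re

# Constructed sample: the rules from Step 2 as they would sit in .htaccess.
SAMPLE_HTACCESS = """\
# Allow Access to wp-login.php file from following IP address range
<Files "wp-login.php">
Order deny,allow
Deny from all
Allow from 184.108.40.206/24
Allow from 220.127.116.11/23
Allow from 18.104.22.168/22
Allow from 22.214.171.124/20
</Files>
"""

FILES_BLOCK = re.compile(r'<Files\s+"?wp-login\.php"?\s*>(.*?)</Files>', re.S | re.I)
ALLOW_LINE = re.compile(r'^\s*Allow\s+from\s+(.+?)\s*$', re.M | re.I)


def allowed_networks(htaccess_text):
    """Return the networks allowed for wp-login.php in the given .htaccess text."""
    networks = []
    for block in FILES_BLOCK.findall(htaccess_text):
        for spec in ALLOW_LINE.findall(block):
            for token in spec.split():  # one "Allow from" line may list several values
                try:
                    # strict=False: values copied from a lookup page often have
                    # host bits set (e.g. .206/24); mask them instead of failing.
                    networks.append(ipaddress.ip_network(token, strict=False))
                except ValueError:
                    pass  # hostnames, "all" and partial addresses are skipped
    return networks


def is_allowed(ip, htaccess_text):
    """True if ip lies inside one of the allowed ranges for wp-login.php."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net
               for net in allowed_networks(htaccess_text))


if __name__ == "__main__":
    # Constructed test addresses: two inside the sample ranges, one outside.
    for ip in ("184.108.40.17", "22.214.165.1", "203.0.113.9"):
        print(ip, "allowed" if is_allowed(ip, SAMPLE_HTACCESS) else "blocked (403)")
```

Run it against the edited file and your current public IP before saving, since a wrong range returns 403 for you as well. The parser covers only the Order/Deny/Allow form used in Step 2 and skips hostnames and partial addresses.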
So, this was the complete process to restrict access to your wp-login.php file based on IP range. I hope you liked this tutorial. If you have any suggestions or queries, do let me know via the comment section below.
Thanks! Have a great day!