How To Limit Access To WordPress Login Page By IP Address?
WordPress is now the most popular CMS, and more than 22% of
sites run on it. These numbers matter to hackers as well, because they
always try to hack popular platforms. To avoid such hacking and create
a shield around your WordPress dashboard, you can ban or restrict selected
IP addresses. Using the server log, you can find the IP addresses that are
trying to access your dashboard at certain intervals and ban those IPs. Or, if
you have a dedicated static IP address, you can allow only your IP to access
the dashboard. The second option may cause problems, however, if you try to
access the dashboard from another computer or another location altogether.
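The server-log approach mentioned above, as an added example (not code from the original article): it counts failed WordPress logins per IP in an Apache combined-format access log and lists the addresses that reach a threshold. The log lines are constructed, and the function names, the threshold and the allowlist parameter are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in Apache "combined" log format; the addresses come from
# the RFC 5737 documentation ranges and the timestamps are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3921 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2015:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3921 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2015:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3921 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2015:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2015:10:01:11 +0000] "GET /wp-admin/ HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2015:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2810 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2015:10:02:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3921 "-" "Mozilla/5.0"
"""

# Client IP, then method, path and status taken from the quoted request line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def failed_login_counts(log_text):
    """Count, per IP, POSTs to wp-login.php that were answered with 200.

    Assumption: a stock WordPress login redirects (302) on success and
    re-renders the form (200) on failure, so POST + 200 is a failed attempt.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if (m.group("method") == "POST" and m.group("status") == "200"
                and path.endswith("/wp-login.php")):
            counts[m.group("ip")] += 1
    return counts

def ips_to_ban(log_text, threshold=3, allowlist=()):
    """Return (ip, failures) pairs at or above threshold, worst first."""
    counts = failed_login_counts(log_text)
    return [(ip, n) for ip, n in counts.most_common()
            if n >= threshold and ip not in allowlist]

if __name__ == "__main__":
    for ip, n in ips_to_ban(SAMPLE_LOG, allowlist={"203.0.113.10"}):
        print(f"{ip}\t{n} failed logins")
```

Put your own static IP in the allowlist so that a few mistyped passwords never place it on the ban list.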
Here Is How You Can Allow Only Your IP To Access The Dashboard
Add the following code to the .htaccess file in your wp-admin
directory. If you do not have an .htaccess file in your wp-admin directory,
simply create a new one.
order deny,allow
# Replace the below 117.168.1.10 with your IP address #
allow from 117.168.1.10
deny from all
The above code allows only the IP address 117.168.1.10 to access
the WordPress admin dashboard. You can find your IP address using a ‘Find My
IP’-like service, or type “What is my IP address” into Google and it will show
your public IP address. Note that order, allow and deny are the Apache 2.2
access-control directives; on Apache 2.4 they work only while
mod_access_compat is loaded.
To allow more than one IP address to access the WordPress admin
dashboard, add the code as below.
order deny,allow
# Replace the below 117.168.1.10, 117.168.119.11 with the IP addresses you want to allow #
allow from 117.168.1.10
allow from 117.168.119.11
deny from all
Apart from this, you can use the following WordPress
plugins to ban IP addresses from logging in to the WordPress dashboard.
Plugins To Restrict IP Addresses To Login On WordPress Dashboard
1. WP Ban
WP-Ban allows you to block or ban a specific IP
address or an entire IP range (maybe an entire internet service
provider). It will display a custom ban message whenever they try to visit
your blog. You can also exclude certain IPs from being banned. Statistics
are recorded on how many times they attempt to visit your blog. It
allows wildcard matching too.
Step 1:- Install & Activate the WP Ban Plugin from here.
Step 2:- On your WordPress dashboard, head over to the
Settings section, where you will see the Ban menu. After clicking on it, the
following window will appear.
Step 3:- On this settings page you can enter the
IP address, IP address range, banned message, etc. Once you are done
customizing it, Save Changes.
2. IP Ban
IP Ban is a security plugin that protects your site from access
by unwanted IP addresses or user agents. You can add IP addresses or user
agents to create your own blacklist. It is also good for protecting your site
from unwanted crawlers, which use your resources and bandwidth.
Step 1:- Install & Activate IP Ban Plugin from here.
Step 2:- On your WordPress dashboard, head over to the
simple IP ban menu under the Settings section. You will see the following
window.
Step 3:- Here, you can enter the IP address and User Agent
list that you want to ban. You may specify a redirect URL; when a user
from a banned IP / user agent accesses your site, he will be redirected to the
specified URL. Finally, Save the Changes.
3. Limit Login Attempts
By default WordPress allows unlimited login attempts either
through the login page or by sending special cookies. This allows passwords (or
hashes) to be brute-force cracked with relative ease. Limit Login Attempts
blocks an Internet address from making further attempts after a specified limit
on retries is reached, making a brute-force attack difficult or impossible.
Limit Login Attempts has features such as: limits the number
of retry attempts when logging in (for each IP); fully customizable; limits
the number of attempts to log in using auth cookies in the same way; informs
the user about remaining retries or lockout time on the login page; optional
logging and optional email notification; handles servers behind a reverse proxy.
It is also possible to whitelist IPs using a filter.
Step 1:- Install & activate the Limit Login Attempts Plugin from here.
Step 2:- On your WordPress dashboard, head over to
the Limit Login Attempts menu under the Settings section. You will see the
following window.
Step 3:- Here you can customize the number of retries,
lockout time, etc. If your server is located behind a reverse proxy, make
sure to change the site connection setting.
4. Simple Security
Simple Security Plugin for WordPress is an Access Log to
track Logins and Failed Login Attempts for the admin area of your WordPress
Website. You can add a widget to the admin dashboard for logins and failed
login attempts.
It has features such as: configurable email alert
notifications when selected conditions are met; an optional email
alert when new IP addresses are added to the blacklist; an optional
email alert after a failed login attempt; an optional email alert
after a successful login.
Step 1:- Install & activate the Simple Security Plugin from here.
Step 2:- On your WordPress dashboard, head over to the
Simple Security menu under the Settings section. You will see the following
window.
Step 3:- Customize it as per your requirements
& save changes. You can enter the IP blacklist in the IP Address Blacklist
tab.
5. Login Security Solution
A simple way to lock down login security for multisite and
regular WordPress installations. It provides security against brute-force
attacks by tracking IP, name and password, and by requiring very strong
passwords; it also offers idle timeout and maintenance mode lockdown.
Install & activate the Login Security Solution Plugin from here.
6. IP Blacklist Cloud
It blacklists IP Addresses from visiting your WordPress
website and Usernames from spamming. It shows details of all failed login
attempts.
Install & activate the IP Blacklist Cloud Plugin from here.
I hope you find this article helpful. Now you can protect
your WordPress dashboard from hackers. If you have any query or suggestion
regarding the same, do share it with us.
Conclusion
WP-Ban and Limit Login Attempts are very good plugins. To
ban a selected IP or IP range, I would recommend using WP-Ban and to restrict
the login attempts (hackers use bots to do that), Limit Login Attempts is the
one you should install first.