One of the most common ways to secure WordPress is by using a .htaccess file. This can be done by adding a few lines of code to your .htaccess file, which is located in the root directory of your WordPress site.
Table of Contents
Limit IP Addresses
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "IP Limit" AuthType Basic <LIMIT GET> order deny,allow deny from all allow from xxx.xxx.xxx.xxx allow from xxx.xxx.xxx.xxx </LIMIT>
This will deny access to anyone that isn’t coming from your IP address. You will need to replace “xxx.xxx.xxx.xxx” with your actual IP address.
Once you have added the code to your .htaccess file, save it and upload it back to your server. Now, when someone tries to access your wp-admin area, they will be redirected away from it unless they are coming from one of the allowed IP addresses.
If you need to allow access to your wp-admin area from a new IP address, simply add it to the end of the RewriteCond line in your .htaccess file.
Password Protected Directories
Another way to protect your wp-admin area is by password-protecting it. This can be done by creating a .htpasswd file and adding it to your wp-admin directory.
The .htpasswd file will contain a username and password for each user that you want to have access to the directory. The password will be encrypted, so anyone who tries to view the .htpasswd file will only see a bunch of gibberish.
You can generate an encrypted password for each user using a tool like this to generate a htpasswd file.
Once you have added all of the users to the .htpasswd file, save it and upload it to your wp-admin directory. Then add the password file to .htaccess file like this:
AuthName "Admin Section" AuthUserFile /path-to-wordpress-folder/wp-admin/htpasswds AuthType basic Require valid-user <Files admin-ajax.php> Order allow,deny Allow from all Satisfy any </Files>
Now, when someone tries to access your wp-admin area, they will be prompted for a username and password. If you need to add a new user, simply open the .htpasswd file and add their username and password on a new line. Save the file and upload it back to your server.