M3Server Technical Blog WordPress Protect your WordPress Admin

Protect your WordPress Admin



Defeat attacks from eating up your server’s CPU and prevent attackers from getting access to your WordPress wp-admin directory with one simple htaccess entry.

If you don’t have a .htaccess file (yes that starts with a dot in front of htaccess) upload a new one.  If you do, add this entry to the top of your .htaccess file:

site.com/wp-admin/.htaccess


Order deny,allow
Deny from all
#Allow from all
#Allow from 162.225.156.136
Allow from 162.225.156.137
Allow from 162.225.156.138
satisfy any

# is an ignore statement for htaccess. Server will ignore lines that start with #

Replace the example IP with your own. Two examples are provided to illustrate how to add more than one IP. These IP is real and only provided as an example. Use of improper IPs will result in a server producing an internal error, such as > Allow from 444.444.444.444.

Sometimes you may want to temporarily allow everyone access, if so, just remove the # comment from Allow from all, and place it in front of Deny from all.

How do you know what your IP is? Visit our tool site:

M3XS.NET – click here for your IP

Web Hosting – M3server.com

Leave a Reply