How to Block all IP Address from accessing wp-admin/wp-login

Blocking IP addresses is a difficult but important security measure for WordPress sites. However, it is not a guarantee of 100% safety.

Studies show that tens of thousands of sites are hacked every day. This is all the more reason  to protect your own website and data. But we should also keep in mind the safety of the data of visitors. Site owners who do not take proper precautions, as a rule, are faced with a significant decrease in traffic and a very long time to lose their credibility. It has happened with sites of all sizes, even large Internet shops.

Make your WordPress site fully secure  just by moving to Nestify. Migrate your WooCommerce Store or WordPress Website NOW for full-proof security and data protection

However, do not be afraid. There are measures that can and should be taken to reduce the chances of breaking your WordPress site by restricting access to specific users. In this article, we will introduce you to a small installation guide of IP restrictions for your login page.

Let’s get started.


Prior to implementing any modifications on your website, it’s highly advisable to create a backup. This precautionary step serves to prevent any potential issues that may arise unexpectedly. In case you lack a plugin that routinely generates backups for your website, you can easily safeguard your data by duplicating the .htaccess configuration file discovered in the root directory of your site. Once you’ve secured this backup, you can proceed with making the necessary changes to it without concerns about data loss or disruptions.

What is a Static IP address?

IP Address

As the name implies, the static IP-address – this IP-address does not change. This means that you, as an administrator, go to the admin panel from the same IP address, and you can restrict access to it to other users whose IP address will be different from yours.

Those who constantly visit the site and manage it from  one or more places can use the material in this blog  to prevent hacking of the site. In this scenario, the IP address (or addresses) that has access to the site remains static.

Understanding the Importance of Blocking All IPs

Before diving into the “how,” let’s first understand why it is crucial to block all IPs from accessing wp-admin and wp-login.

  • Mitigating Brute Force Attacks: Attackers often attempt to crack your login credentials through brute force attacks. By restricting access to wp-admin and wp-login, you reduce the chances of such attacks being successful.
  •  Enhancing Overall Security: Limiting access to the backend reduces the protection barrier  of your WordPress site, making it more challenging for hackers to exploit vulnerabilities.
  •  Protecting Sensitive Information: wp-admin and wp-login are where you manage your site, including sensitive data. Blocking unauthorized access safeguards this information.

Now that we understand the importance, let’s proceed to the steps for blocking all IPs.

Beginning of work

Ip address Hostname

In this section, we’ll begin the process of preparing your website for further modifications. These adjustments will primarily involve editing the .htaccess configuration file and specifying the IP address you’ll use for accessing your WordPress website.

To start, you’ll need to determine your current IP address by visiting the website Once you’ve retrieved your IP address, Simply copy and paste the information into a text editor like Notepad++; you’ll need it later.

Now, let’s locate the .htaccess configuration file for your WordPress site. You should find this file in the root directory of your website. If, for some reason, y

You can utilize a text editor that’s integrated into cPanel or, if you prefer, any other text editor available on your device, such as Notepad.

Lastly, it’s important to ensure that you copy the entire code provided for this lesson and paste it at the beginning of the .htaccess file. This step is crucial to avoid unintentional alterations to your site’s settings while implementing these changes.

Set IP limits using a static IP address.

If you ever come to your site from one or more jobs, you can perform the following steps to install IP limits. The principle of this method is that we will create a white list of safe (allowed) addresses that have access to the admin area of your site. You can add or delete the IP address from this list as needed.

In principle, all the devices  with IP addresses on the list will be able to log in and enter the admin panel site.

How do you set IP restrictions using static IP addresses?

Follow these three simple steps to set up an IP restriction using the desired static IP address.

  1. Open the .htaccess configuration file of your WordPress site
  2. Copy and paste the following code on the top in the .htaccess file
On RewriteEngine

RewriteCond% {REQUEST_URI} ^ (. *)? Wp-admin $

RewriteCond% {REMOTE_ADDR}! ^ 23.456.789.10

RewriteCond% {REMOTE_ADDR}! ^ The IP Address InsertTwo $

RewriteCond% {REMOTE_ADDR}! ^ The IP Address InsertThree $

RewriteRule ^ (. *) $ - [R = 403, L]

      3. Save the changes you have made to the .htaccess file

Code Editing

To alter the code to suit your specific addresses, all you have to do is make changes in lines 4 and 5 and add the IP addresses that will receive access to your login page.

To do this, simply replace the IP Address InsertTwo $ and IP Address InsertThree $ at the address that you have chosen. IP addresses to which you are replacing must be in the format specified in line 3. Line 3 – It’s just an example with the already inscribed IP address, which you can replace.

You can add multiple addresses, duplicate line 4, and add a new IP, or vice versa, leave only one address, removing extra lines.


As we have said, there is no single solution that could 100% guarantee that your site will not be broken or will not face any security threat. However, by setting the IP restrictions on the WordPress login page, you will be capable of protecting it against any possible attacks that use brute force.

We hope you enjoyed this tutorial and it was helpful. After completing these simple manipulations, you can increase the security of your site, making limited IP addresses.

Does your WordPress site have security issues? What steps do you take to protect it from threats?


If you are looking for Managed WordPress Hosting that is isolated from other users on the server, We provide you with everything for which you have been waiting. Our hosting is built on a blazing-fast SSD latest hardware That’s Highly tuned for optimum performance. The hosting includes daily backups, anytime money back, 99.97% uptime, and 24×7 support.

FAQs on IP Addresses from Accessing Wp-Admin

Is blocking all IP addresses safe?

Blocking all IP addresses except those you trust can enhance security but may also lock you out if you’re not careful. Make sure to whitelist your IP address or have alternative means of accessing your site in case you accidentally block yourself.

Can I use a combination of methods for IP blocking?

Yes, you can combine methods. For instance, you may add IP filtering using a security plugin like Wordfence and then further customize the restrictions using unique PHP code.

Are there any downsides to blocking all IP addresses?

Blocking all IP addresses can be too restrictive if you frequently need to access your site from different locations or devices. Ensure that your whitelist includes all necessary IP addresses to avoid inconvenience.

How often should I update my whitelisted IP addresses?

To guarantee that only reputable sources may access your WordPress admin and login pages, evaluate and update your whitelisted IP addresses on a regular basis. Any IP addresses that are no longer needed should be removed.

Want faster WordPress?

WordPress Speed Optimization

Try our AWS powered WordPress hosting for free and see the difference for yourself.

No Credit Card Required.

Whitelabel Web Hosting Portal Demo

Launching WordPress on AWS takes just one minute with Nestify.

Launching WooCommerce on AWS takes just one minute with Nestify.