During his recent talk at WordCamp San Francisco 2009, Matt Cutts mentioned a neat trick for restricting access to the WordPress admin area – adding a .htaccess file to wp-admin.
His technique (mentioned on slide 48 of the presentation slides) allows you to whitelist IP addresses that can access the wp-admin area (your home, workplace etc.) whilst denying access to everyone else. All you need to do is create a .htaccess file with the following content, fill in as many IP addresses as you want whitelisted and upload it to the wp-admin folder of your WordPress blog:
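AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
# Not wrapped in <Limit GET>, so the rules apply to every HTTP method (POST included), not just GET
# order/deny/allow is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat to accept it
order deny,allow
deny from all
# whitelist home IP address
allow from 123.45.67.89
# whitelist work IP address
allow from 123.45.67.98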
And you're done! You now have full protection against nefarious types accessing your WordPress admin area courtesy of Apache.
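A small linter for this kind of allowlist, as an added example that is not from the original post or from the presentation slides: it flags rules scoped by a <Limit> wrapper, which leaves unlisted HTTP methods open, and "allow from" entries that are not valid addresses. The sample file and the function names are constructed for illustration, and entries are assumed to be full IP addresses or CIDR ranges.

```python
import ipaddress
import re

# Constructed sample: an allowlist scoped with <LIMIT GET> and one mistyped address.
SAMPLE = """\
<LIMIT GET>
order deny,allow
deny from all
# whitelist home IP address
allow from 123.45.67.89
# whitelist work IP address
allow from 123.45.67.980
</LIMIT>
"""

def audit_htaccess(text):
    """Return (allowed_networks, findings) for an 'order deny,allow' allowlist."""
    allowed, findings, deny_all = [], [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        norm = " ".join(line.lower().split())  # collapse case and spacing
        limit = re.match(r"<Limit\s+([^>]+)>", line, re.I)
        if limit:
            methods = " ".join(limit.group(1).upper().split())
            findings.append(f"line {n}: <Limit {methods}> restricts "
                            "only the listed methods")
        elif norm == "deny from all":
            deny_all = True
        elif norm.startswith("allow from "):
            for token in line.split()[2:]:
                try:
                    allowed.append(ipaddress.ip_network(token, strict=False))
                except ValueError:
                    findings.append(f"line {n}: '{token}' is not a full "
                                    "IP address or CIDR range")
    if not deny_all:
        findings.append("no 'deny from all': every client is admitted")
    return allowed, findings

def is_allowed(client_ip, allowed):
    """True if client_ip falls inside any allowlisted network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in allowed)

if __name__ == "__main__":
    nets, problems = audit_htaccess(SAMPLE)
    print("allowlisted:", [str(n) for n in nets])
    for p in problems:
        print("finding:", p)
```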