Protect The wp-admin Folder With .htaccess

One easy way you can add an extra layer of security to your WordPress website is to protect your wp-admin folder by blocking access to everyone other than you.  This only takes a few minutes to do, and it can save you hours of grief later.

There are only 2 steps involved in protecting your wp-admin folder with .htaccess:

  1. Create the .htaccess file with the necessary code
  2. Upload this file to your wp-admin folder

Now that you know how easy this is to do, let’s go through the steps.

Create the .htaccess file

First, you will need to create a .htaccess file.  Using a text editor of your choice, create a new file and enter the following code:

order deny,allow
allow from
deny from all

You will need to replace “” with your real IP address.  If you do not know your IP address, go to and they will give your IP address to you.  Save the file as “.htaccess” and you’re done with this step.

Upload the .htaccess file to your wp-admin folder

Lastly, upload the newly created .htaccess file to your wp-admin folder.  Using the FTP client of your choice (I prefer FileZilla), log into your hosting account and find your wp-admin folder.

Enter the wp-admin folder and upload your .htaccess file.

That’s it!  You’re done!

Important notes

Adding this .htaccess file to your wp-admin folder will block every IP address from accessing your WordPress admin area except for the IP address you entered.  If your IP address changes, as IP addresses often do, you will have to edit this .htaccess file with your current IP address.

You can also add more than one IP address to this .htaccess file.  So if you want to grant access to other users, or if you log in to your WordPress site from more than one place, simply add more “allow from” lines before the last line of “deny from all”.