One easy way you can add an extra layer of security to your WordPress website is to protect your wp-admin folder by blocking access to everyone other than you. This only takes a few minutes to do, and it can save you hours of grief later.
There are only 2 steps involved in protecting your wp-admin folder with .htaccess:
- Create the .htaccess file with the necessary code
- Upload this file to your wp-admin folder
Now that you know how easy this is to do, let’s go through the steps.
Create the .htaccess file
First, you will need to create a .htaccess file. Using a text editor of your choice, create a new file and enter the following code:
allow from xxx.xxx.xx.xx
deny from all
You will need to replace “xxx.xxx.xx.xx” with your real IP address. If you do not know your IP address, go to whatismyip.com and it will show it to you. Save the file as “.htaccess” and you’re done with this step.
Upload the .htaccess file to your wp-admin folder
Lastly, upload the newly created .htaccess file to your wp-admin folder. Using the FTP client of your choice (I prefer FileZilla), log into your hosting account and find your wp-admin folder.
Enter the wp-admin folder and upload your .htaccess file.
That’s it! You’re done!
Adding this .htaccess file to your wp-admin folder will block every IP address from accessing your WordPress admin area except for the IP address you entered. If your IP address changes, as it often does, you will have to edit this .htaccess file with your current IP address.
You can also add more than one IP address to this .htaccess file. So if you want to grant access to other users, or if you log in to your WordPress site from more than one place, simply add more “allow from xxx.xxx.xx.xx” lines before the last line of “deny from all”.