How to Protect WordPress Admin area from Unauthorized Access -: WordPress is one of the most popular CMS with over 35% of internet website are build on WordPress CMS at this time of writing this post. There other CMS like Squarespace, Joomla, Drupal etc but use by only fewer sites. WordPress is far ahead as compare to its competitor. Previously WordPress users to create a blog or website But now WordPress core code changed a lot as well as the massive ecosystem of Plugins and theme, you can create any type of website with WordPress.
As WordPress is more popular CMS, therefore, it is the main target for a hacker. As per Sucuri WordPress accounted for 90 per cent of all hacked CMS sites in 2018. WordPress is very secure by default itself most of the security breach occurs due to the use of theme and plugin from unauthorized sources. on WordPress Platform website security hardening means securing a website by reducing its surface of vulnerability. More use of theme and plugin, Showing directory or WordPress version provides a potential entry point to the hacker.
Sucuri experts blamed most of the hacks on vulnerabilities in plugins and themes, misconfiguration issues, and a lack of maintenance by webmasters, who often forgot to update their CMS, themes, and plugins.
How to Protect WordPress Admin area from Unauthorized Access-:
.htaccess in WordPress is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn ‘loaded via the Apache Web Server’, then the .htaccess file is detected and executed by the Apache Web Server software.
These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. These facilities include basic redirect functionality, for instance, if a 404 file not found error occurs, or for more advanced functions such as content password protection or image hotlink prevention.
.htaccess file performs lots of crucial action in WordPress website one of them is to control WordPress admin area by limiting the access to the selected IP address only. Copy and paste following on in your .htaccess file. If you are unable to locate your .htaccess file Read the complete guide on How to locate htaccess file in WordPress.
The WordPress Admin folder has required files to run the WordPress dashboard. So, all your visitors don’t need to access it. It will be good to enable only a few selected IP addresses to access the wp-admin folder. You can limit access to certain users like editors, contributors, and other admins. You can use this code snippet in the .htaccess file:
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "WordPress Admin Access Control" AuthType Basic <LIMIT GET> order deny,allow deny from all # whitelist My IP address allow from xx.xx.xx.xxx # whitelist John's IP address allow from xx.xx.xx.xxx </LIMIT>
Don’t forget to replace xx values with your own IP address. If you use more than one IP address to access the internet, then make sure you add them as well.
Thanks for reading…“Pardon my grammar, English is not my native tongue.”
If you like my work, Please Share on Social Media! You can Follow WP knol on Facebook, Twitter, Pinterest and YouTube for latest updates. You may Subscribe to WP Knol Newsletter to get latest updates via Email. You May also Continue Reading my Recent Posts Which Might Interest You.