WordPress is the most popular CMS now and more than 22% sites run on WordPress. These numbers matter to hackers as well because they always try to hack the popular platforms. To avoid such hacking and create a shield around your WordPress dashboard, you can choose to ban or restrict selected IP addresses. Using server log, you can find the IP addresses which are trying to access your dashboard at certain interval and ban those IPs. Or if you are having a dedicated static IP address, then allow only your IP to access the dashboard. But the second option may cause problem if you are trying to access the dashboard from some other computer or some other location altogether.
But here is the way you can allow only your IP to access the dashboard.
Write the following code to your .htaccess file. If you do not have an .htaccess file in your wp-admin directory, then simply create a new one.
order deny,allow # Replace the below 188.8.131.52 with your IP address # allow from 184.108.40.206 deny from all
Above code will allow only IP address 220.127.116.11 to access the WordPress admin dashboard. YOu can find your IP address on using ‘Find My IP’ like service or type “What is my IP address” on Google and it shows your public IP address.
To allow access to the WordPress admin dashboard to more than one IP address, add the code as below,
order deny,allow # Replace the below 18.104.22.168, 22.214.171.124 with the IP addresses you want to allow # allow from 126.96.36.199 allow from 188.8.131.52 deny from all
Apart from this, you can take help from following WordPress plugins to Ban IP Addresses to Login on WordPress Dashboard.
Plugins to Restrict IP Addresses to Login on WordPress Dashboard :
1. WP Ban :
WP-Ban allows you to block or ban a specific IP address, an entire IP Range (maybe an entire internet service provider).It will display a custom ban message whenever they tries to visit you blog. You can also exclude certain IPs from being banned. There will be statistics recorded on how many times they attempt to visit your blog. It allows wildcard matching too.
Step 1 : Install & Activate the WP Ban plugin.
Step 2 : On your WordPress dashboard, had over to the settings section, you will see Ban menu. After clicking on it, following window well appear :
Step 3 : Here in this settinga page you can enter the IP address, IP address range, Banned message, etc. Once you are done with customizing it, Save Changes.
2. IP Ban :
IP Ban is a security plugin, protects your site accessing from unwanted IP addresses or user agents. You can add IP addresses or user agents creating your own black list. It also good to protect your site from unwanted crawlers, which uses your resource and bandwidth.
Step 1 : Install & Activate IP Ban plugin.
Step 2 : On your WordPress dashboard, head over to the simple IP ban menu under the Settings section, you will see the following window :
Step 3 : Here, you can enter the IP address, User Agent List that you want to ban. You may specify a redirect url; when a user from a banned ip/user agent access your site, he will be redirected to the specified URL. At last, Save the Changes.
3. Limit Login Attempts :
By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease. Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
Limit Login Attempts has features like Limit the number of retry attempts when logging in (for each IP), Fully customizable, Limit the number of attempts to log in using auth cookies in same way, Informs user about remaining retries or lockout time on login page, Optional logging, optional email notification, Handles server behind reverse proxy. It is also possible to whitelist IPs using a filter.
Step 1 : Install & activate the Limit Login Attempts plugin.
Step 2 : On your WordPress dashboard, head over to the Limit Login Attempts menu under the Settings section. You will see following window.
Step 3 : Here you can customize the no. of retries, lockout time, etc. If your server is located behind a reverse proxy make sure to change site connection setting.
4. Simple Security :
Simple Security Plugin for WordPress is an Access Log to track Logins and Failed Login Attempts for the admin area of your WordPress Website. You can add a widget to the admin dashboard for logins and failed login attempts.
It has features like Configurable email alert notifications when selected conditions are met, Receive an optional email alert when new IP addresses are added to Blacklist, Receive an optional email alert after a failed login attempt, Receive an optional email alert after a successful login.
Step 1 : Install & activate the Simple Security plugin.
Step 2 : On your WordPress dashboard, head over to the Simple Security menu under the Settings section. You will see following window.
Step 3 : Customize it as per your requirements & save changes. You can enter the IP black list in the IP Address backlist tab.
A simple way to lock down login security for multisite and regular WordPress installations. It provides Security against brute force attacks by tracking IP, name, password; requiring very strong passwords, Idle timeout, Maintenance mode lockdown.
6. IP Blacklist Cloud :
It blacklists IP Addresses from visiting your WordPress website and Usernames from spamming. It shows details of all failed login attempts.
I hope you find this article helpful. Now, you can prevent your WordPress dashboard from hackers. If you have any query or suggestion regarding the same, do share with us.
WP-Ban and Limit Login Attempts are very good plugins. To ban a selected IP or IP range, I would recommend using WP-Ban and to restrict the login attempts (hackers use bots to do that), Limit Login Attempts is the one you should install first.