1

I need to restrict access to this specific domain:

mydomain.com/wp-admin

I tried this code but didn't work

RewriteRule ^wp-admin(?!/something\.php/allow/this/uri/?$) - [F,L,NC]

How can I do this, please?

Improve this question

1 Answer 1

Reset to default
2

Single IP address access

To allow access from a single IP address, replace 123\.123\.123\.123 with your own IP address:

RewriteEngine on RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$ RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$ RewriteRule ^(.*)$ - [R=403,L]

Multiple IP address access

You can check your IP to get your computer's IP address.

To allow access from multiple IP addresses, replace 123\.123\.123\.xxx with your own IP addresses:

RewriteEngine on RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$ RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.121$ RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.122$ RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$ RewriteRule ^(.*)$ - [R=403,L]

Dynamic IP address access, limit by referer

If your IP address changes, you can protect your WordPress site by only allowing login requests coming directly from your domain name. Simply replace example\.com with your own domain name

Most brute force attacks rely on sending direct POST requests right to your wp-login.php script. So requiring a POST request to have your domain as the referrer can help weed out bots.

RewriteEngine on RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?example\.com [NC] RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$ RewriteRule ^(.*)$ - [F]

Wait at least 15-20 minutes, and try to login to your WordPress site again. If you try to access the WordPress dashboard within the 15 minute window of a block, this could extend the block longer. It's important to wait for the previous block to expire and be patient before attempting to access your WordPress site again.

source

For you case if you want to restrict that url yourdomainname.com/wp-admin, use this : 

<files wp-login.php> # set up rule order order deny,allow # default deny deny from all allow from x.x.x.x allow from y.y.y.y allow from z.z.z.z </files> ErrorDocument 401 default ErrorDocument 403 default ErrorDocument 404 default
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

I appreciate your effort but actually I don't want to restrict the ip, I only want to restrict that url mydomainname.com/wp-admin
Ok i've added what you need in the last part of the answer @Marwa
I think this method would restrict access to certain ips .. Isn't there a method other than restricting by ip? I need to restrict the url itself as it is
@Marwa yep look at the last part of the answer it block all access but the the ips that you add
I need a method without using ips, a method that restricting a url without using ips, isn't there a method to achieve this ??
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.