In trying to make my site more secure, I am trying to add an htaccess file in the wp-admin directory to restrict which IPs can access the admin files.
My problem is that the file is restricting the IP I am telling it to allow.
order deny, allow
allow from ###.###.##.##
allow from ###.###.##.###
deny from all
Does anyone have any advice on how I can make this work?
Move ..
deny from all
..above the...
allow from ###.###.##.###
..lines..
So basically you say DENY FROM ALL, then you set 2 exceptions following..
Thank you for your reply. I tried that and it didn't work. Any other ideas?
Works for me.. same method as described on the results here.
miqrogroove
Member
Posted 1 month ago #
Hi JenH, it's relatively simple even though the syntax is a bit dense.
The file you originally posted would work correctly if you wanted to block all but two IPs from accessing files in the directory.
The big gotcha is that WordPress forwards all requests to the root index.php file, which is outside of the wp-admin folder. If you tried to access a jpg file under wp-admin the rules would probably work, but otherwise not.
You will need to do some significantly fancier coding in the root .htaccess file.
miqrogroove
Member
Posted 1 month ago #
Try placing this ABOVE the WP section in the root .htaccess for the blog:
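RewriteEngine On
RewriteBase /
# Match on REMOTE_ADDR, which is always the client IP; REMOTE_HOST can be a hostname when HostnameLookups is on
RewriteCond %{REMOTE_ADDR} !^###\.###\.##\.##$
RewriteCond %{REMOTE_ADDR} !^###\.###\.##\.###$
# Return 403 Forbidden for any request path containing wp-admin when the client is neither of the two IPs
RewriteRule wp-admin - [F]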
Do you have any reference on where I can find some "fancier" coding or instructions?
Ignore my last post, I just got your code now and am going to try it.
Thank you Thank you Thank you miqrogroove! That totally did the trick and you have made my day!
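How Apache 2.2 evaluates the Order/Allow/Deny lines discussed earlier in this thread, as an added example that is not part of any poster's reply: a small Python model showing that the outcome depends on the Order argument, not on where "deny from all" sits in the file. The function names are hypothetical, the addresses are constructed documentation-range values, and the model assumes only full IPs, CIDR ranges and "all" (no "mutual-failure").

```python
import ipaddress

# Constructed sample data: documentation-range addresses stand in for the masked IPs.
AS_POSTED = """order deny,allow
allow from 203.0.113.10
allow from 203.0.113.25
deny from all"""
DENY_MOVED_UP = """order deny,allow
deny from all
allow from 203.0.113.10
allow from 203.0.113.25"""

def parse(config):
    """Collect Order plus the Allow and Deny lists; line position is not kept."""
    order, rules = "deny,allow", {"allow": [], "deny": []}  # 2.2 default Order
    for line in config.splitlines():
        words = line.split("#", 1)[0].lower().split()
        if not words:
            continue
        if words[0] == "order":
            # Order takes a single argument, so "deny, allow" with a space is an error.
            if len(words) != 2 or words[1] not in ("deny,allow", "allow,deny"):
                raise ValueError("bad Order line: " + line.strip())
            order = words[1]
        elif words[0] in rules and words[1:2] == ["from"] and len(words) > 2:
            rules[words[0]].extend(words[2:])
        else:
            raise ValueError("unsupported line: " + line.strip())
    return order, rules

def _hit(specs, client):
    ip = ipaddress.ip_address(client)
    return any(s == "all" or ip in ipaddress.ip_network(s, strict=False) for s in specs)

def allowed(config, client):
    """True if the client IP would be let in under Apache 2.2 Order semantics."""
    order, rules = parse(config)
    hit_allow, hit_deny = _hit(rules["allow"], client), _hit(rules["deny"], client)
    if order == "deny,allow":
        # Deny is checked first and Allow last: an Allow match wins, no match is allowed.
        return hit_allow or not hit_deny
    # allow,deny: Allow first, Deny last: a Deny match wins, no match is denied.
    return hit_allow and not hit_deny

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("deny moved up", DENY_MOVED_UP)):
        for ip in ("203.0.113.10", "198.51.100.7"):
            print(name, ip, "allowed" if allowed(cfg, ip) else "403")
```

Both layouts give the same answers; switching the argument to allow,deny with the same lists locks out every address, including the two listed ones.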