Posted 2 years ago #
In trying to make my site more secure, I am trying to add an htaccess file in the wp-admin directory to restrict which IPs can access the admin files.
My problem is, is that the file is restricting the IP I am telling it to allow.
order deny, allow
allow from ###.###.##.##
allow from ###.###.##.###
deny from all
Does anyone have any advice on how I can make this work?
Posted 2 years ago #
Move ..
deny from all..above the...
allow from ###.###.##.###..lines..
So basically you say DENY FROM ALL, then you set 2 exceptions following..
Posted 2 years ago #
Thank-you for your reply. I tried that and it didn't work, any other ideas?
Posted 2 years ago #
Works for me.. same method as described on the results here.
Posted 2 years ago #
Hi JenH, it's relatively simple even though the syntax is a bit dense.
The file you originally posted would work correctly if you wanted to block all but two IPs from accessing files in the directory.
The big gotcha is that WordPress forwards all requests to the root index.php file, which is outside of the wp-admin folder. If you tried to access a jpg file under wp-admin the rules would probably work, but otherwise not.
You will need to do some significantly fancier coding in the root .htaccess file.
Posted 2 years ago #
Try placing this ABOVE the WP section in the root .htaccess for the blog:
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^###\.###\.##\.##$
RewriteCond %{REMOTE_HOST} !^###\.###\.##\.###$
RewriteRule wp-admin - [F]
Posted 2 years ago #
Do you have any reference on where I can find some "fancier" coding or instructions?
Posted 2 years ago #
Ignore my last post, I just got your code now and am going to try it.
Posted 2 years ago #
Thank you Thank you Thank you miqrogroove! That totally did the trick and you have made my day!
This topic has been closed to new replies.
