We're getting some automated bots probing our installation of WordPress for known vulnerabilities. We're pretty good about upgrading, but just the same we'd like to limit admin access to a specific IP range. Given WordPress' popularity, it's a high-profile target. Security is a very high priority for us.
Htaccess is an obvious solution, but WordPress uses the wp-admin directory and seemingly many of the same files for both regular users and admins. (Which strikes me an architectural error from a security stand-point.)
So ... my question is: How does one limit admin access by IP? If this isn't a feature, can it be added?
Thanks for your time,