How to lock down the WordPress admin panel



Lockdown only the admin account

If you are running WooCommerc e-commerce, membership site or have som other reason for giving your users access to the admin panel the Clef Two-Factor Authentication WordPress plugin is our recommendation. The Authy Two Factor Authentication is another excellent WordPress plugin. Use one of these plugins to lock down only the accounts with admin rights. Not the user accounts.

Customized access control

If there is only yourself or a few users that need access to your admin panel, then placing a .htaccess file in the /wp-admin/ folder is our choice. This enables you to limit the access by IP address, IP-range or domain names of your choice. You can customize a .htacces file to do pretty much anything. Another advantage is that .htaccess files are fast and easy to disable for a few minutes to work and then re-activating when completed. That can be useful when you need access from a cell phone connection or for some other reason. Another reason is that .htaccess files is not a plugin. The fewer plugins you need, the better.

CloudFlare IP module

Your .htaccess file will only work if you also use the CloudFlare IP module when using CloudFlare. This is because this module is required to show your real IP and not the address re-written by CloudFlare. Follow these instructions

To deactivate .htaccess

sudo mv .htaccess 1htaccess

To re-activate access limitation to WordPress admin panel

sudo mv 1htaccess .htaccess
Use TextExpander or a similar app on your PC, mobile and tablet to enable and disable the .htaccess.

Create the .htaccess file

Create a file with the name .htaccess in:

cd /wp-admin

Then create the file

sudo nano .htaccess

Just replace 888.888.888.888 with your IP’s below.
Then cut-and-paste this content into your .htaccess file:

Require all denied
# Localhost
Require ip
Require ip 888.888.888.888
Require ip 888.888.888.888
# Home
Require ip 888.888.888.888
# VPS servers
Require ip 888.888.888.888
# Work
Require ip 888.888.888.888
# Cabin
Require ip 888.888.888.888
# John Smith
Require ip 888.888.888.888