Adding extra protection to your WordPress Admin Page

Yo, I recently installed WordPress, since it is a waste to let good yearly shared hosting sit idle.

After installation, I got the idea to limit access to the WP admin page. I use a VPN to make sure that the admin page is available to me only.

For more information, kindly read this article.

https://www.basaka.top/2020/09/securing-your-wordpress-admin-page/

Hope it helps some folks out there. :slight_smile: :smiley:

If you’ve got a second VPN/static IP at home/work/etc. it’s worth adding that IP too, just in case you need to get on and your VPN is down.

Although you could always go in and remove the .htaccess file via the control panel I guess (unless that has the same IP restriction) :wink:

You are right. Hehe. I believe you can add multiple allow lines in htaccess for a range of IP addresses. I haven’t tried that though.

Am I doing this right if I’m using Nginx? :thinking:

location ~ ^/(wp-admin)/
{
    allow 127.0.0.1;
    deny all;
    break;
}

127.0.0.1 is your machine’s local IP. You cannot connect with that. Use your public IP address, or a static IP if you have one.
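
Added example, not part of the thread: an nginx version of the rule asked about above, allowing a public VPN address plus a backup range instead of 127.0.0.1. It goes slightly beyond the posted rule by also covering wp-login.php and by handing PHP to php-fpm inside the restricted block. The addresses are documentation placeholders and the php-fpm socket path is an assumption.

```nginx
# Constructed example. 203.0.113.10 and 198.51.100.0/24 are documentation
# addresses standing in for your VPN exit IP and a backup home/office range.
# Place these blocks BEFORE the generic "location ~ \.php$" block in the
# server {} section: nginx uses the first regex location that matches.

# admin-ajax.php is also called by front-end themes and plugins, so it is
# left reachable for visitors. The exact-match location wins over any regex.
location = /wp-admin/admin-ajax.php {
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
}

# The login form lives at /wp-login.php, outside /wp-admin/, so restricting
# only /wp-admin/ would still leave it open to everyone.
location ~ ^/(wp-login\.php|wp-admin/) {
    allow 203.0.113.10;      # VPN exit IP (placeholder)
    allow 198.51.100.0/24;   # backup range in CIDR form (placeholder)
    deny  all;               # every other source gets 403 Forbidden

    # A request that matches this location never reaches the site's generic
    # PHP location, so PHP must be passed to php-fpm here. Without this,
    # allowed clients would be sent the .php files as plain downloads.
    # The allow/deny rules above are inherited by this nested location.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }
}
```

Check the result with `nginx -t` before reloading, then request /wp-admin/ from an address outside the list and confirm it returns 403.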

I use the “Password Protected” Plugin. It also allows ip whitelisting :slight_smile:

Password Protected – WordPress-Plugin | WordPress.org Deutsch

I use Duo / Google Authenticator for two factor as well as locking down IPs :slight_smile:

I prefer the VPN way. It saves a lot of CPU/RAM resources, since your WP will not have to check for a valid IP on each connection, which uses some I/O, RAM and CPU resources.

Using the VPN IP-limit approach lets you save some resources. Once Apache finds that the connecting IP is not allowed, it will drop the connection, thus saving you some CPU cycles (checking MySQL) and some RAM, which can be used to serve other visitors.