Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
WordPress Plugins
View all Guides


  1. Stéfano Willig says:

    We have made our ftp accessable only by certain IP.
    Now I can’t install or update wordpress directly via wordpress…
    What can I do?

  2. Jobbatam says:

    Great tips and works for me.
    But, Can i redirect wp-login to error 404?
    If can, what code i add into code above?


  3. MargaretMacnamar says:

    It’s very simple to find out any matter on net as compared to textbooks, as I found this post at this website.

  4. EQHRaymond says:

    Thank you for the function. Post aided me a whole lot

  5. Rex Wickham says:

    If you want to add more than one IP you can do this:

    1. you can use a partial IP:

    Allow from 145.50.39

    This will allow IP from to

    2. you can use a netmask or a CIDR:

    Allow from


    Allow from

    This will allow IP from to

  6. David Swanson says:

    I added the code to my .htaccess but when my users logout they receive Error 403.
    When they click logout the link is /wp-login.php?action=logout

    Anyway to fix this?

  7. Brijesh says:

    Great Tip! But i got a problem. It locks admin login from others ips, but if a registered user sign out from site, code also restricts that. I mean when user click sign out, it gives forbidden message. How to solve it?

  8. Rafaqat says:

    Thanks for your quick guideline to protect from excessive and illegal log in attempts. Actually there is a free plugin “better wp security” that can manage nearly all security issues regarding,login attempts,wp.config file,.htaccess file and many more. I think one should give it a try.

  9. Kris says:

    To get around the dynamic IP issue you can reference an htpasswd.

  10. Baptiste Legrand says:

    Thanks for this great tip ! But i’m a but confused : should I paste this snippet in my root .htacess file, or into my wordpress/.htaccess file ?

    Cheers (and btw, I just LOVE, keep up the good work !)

  11. Editorial Staff says:

    With dynamic IPs this can be a pain. You can set Apache Protect on it, but that is a bit more complex. #whitelist line is just to let me know which IP is which.

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.