WordPress Admin Security

No matter how small or large your website may be, somebody will try to hack your website.

One of the ways this can be done is to crack your WordPress admin password. It is no secret that the admin login page for WordPress is “mydomain.com/wp-admin” a hacker could basically go to your admin login page and try to guess your password. More than likely, they will use a bot to repeatedly try different passwords until the correct one is found.

This, I believe, is called a brute force attack. There are plugins that guard against this type of attack. They restrict login attempts to a set number of tries.

They are also plugins that allow you to rename the WordPress admin URL directory. So you could rename “mydomain.com/wp-admin” to “mydomain.com/whatever”   This way, only you know the URL to your WordPress admin page.

Another way to protect your WordPress admin page is to use an IP redirect. Like every website, needs an IP address, every internet connection has an IP address. For internet connections, there are two types of IP addresses: dynamic and static. Dynamic IP addresses can change over time, while static IP addresses stay the same.  The difference between the two is important to understand; you will find out later on.

An IP address is based on country and region, country, etc. A range of IP addresses is allocated to an Internet Service Provider (ISP). The ISP allocates an IP address to an internet connection.

Most internet connections have a dynamic IP address. You can ask your ISP for a static IP address. This is usually an extra cost for an internet connection and is part of a business internet connection add-on option.

Having a static IP address has its benefits in that you can run your own website and email server. Also, it can be used in a smart home system when you want to access your smart home remotely.

The Redirect

This code will redirect any internet connection accessing “mydomain.com/wp-admin” to mydomain.com other than the internet connection with the stated IP address.


# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine on

RewriteCond %{REMOTE_ADDR} !^xx\.xx\.xx\.xx$

RewriteRule ^ http://www.mydomain.com/ [R]


# END WordPress


How to use

  1. Open a basic text editor, such as Notepad (Windows) or Textedit (Mac).
  2. Saved the blank file using “Save As” The file name is “.htaccess” not “htaccess.txt”. This is to get the right file format.
  3. Copy the code above, paste it into your text editor, and save.
  4. Go to whatsmyip.org to get the IP address for your internet connection. 
  5. If IP address is change the code ^xx\.xx\.xx\.xx$  to  ^11\.22\.33\.44$
  6. Change the “mydomain.com” URL to “your domain” and save.
  7. Log into your hosting control panel. Go to the file manager that shows the folder structure on your website. Navigate to the wp-admin folder. From there, you should be able to upload the file you created into the wp-admin folder.

Now if anyone tries to access yourdomain.com/wp-admin that’s not on your internet connection, they will be redirected.

Locking Yourself Out

If at some point you are at home or at work and you are redirected, don’t panic; it means you have a dynamic IP address and your IP address has changed. It could also mean you are at a different location, which would mean the internet connection you are now using has a different IP address.

In both cases, it is just a matter of updating the IP address in the redirect file. Follow steps 4 and 6 in the instructions above.

Note: You could also rename the file to “.htaccessx”. or whatever temporarily.

Raymond Bruce – Out!

Add Your Heading Text Here
Add Your Heading Text Here
Connect On Facebook
Connect On Twitter
Connect On Pinterest
Connect On Instagram
Connect On Youtube
Connect On Spotify
Connect On Twitch
Connect On Apple Music
Connect On Medium
Connect On TikTok

Table of Contents