
How to hide your WP-admin Directory from the World: WordPress Tip

on March 30, 2011 | WordPress | Comments (10)

Here is a useful WordPress tip/hack that will not only increase the security of your blog, but also make it look more professional in my opinion.

Often I am looking at a nice website that I think may be built on WordPress. To check this, people often enter wp-login or wp-admin at the end of the URL to see whether the site is indeed a WordPress setup.

I don’t think having the general public accessing this link is particularly professional or secure, unless you have your wp-admin area behind SSL encryption, which is not realistic unless you have a high traffic / money generating website.

I have noticed in my website logs that many people are hitting my wp-login or wp-admin pages. I would prefer that this didn’t happen.

There are many ways to stop people accessing this by hacking/recoding various WordPress files, but in my opinion this gets a bit messy, especially should you want to revert the changes at a later date.

An easier way to block access to wp-login and wp-admin is to add a new .htaccess file to the root of your wp-admin folder.

Note: the wp-admin folder, NOT the blog root.

Here are the steps:

1. Create a new .htaccess file using Notepad.

2. Drop the following code into the file:

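AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
# Not wrapped in <Limit GET>, so the rules apply to every request method (POST included)
order deny,allow
deny from all
# One allowed IP address per line
allow from xxx.xxx.xxx.xx
allow from xxx.xxx.xxx.xx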

3. Where you see xxx, replace it with the IP addresses you would like to allow access to wp-login and wp-admin.

Put one IP address on each line.

You can add multiple lines of: allow from xxx.xxx.xxx.xx
This is useful if you log in from multiple places, or have multiple authors posting content/articles.

4. Upload the .htaccess file to the root of your wp-admin folder.
This is very important: don’t upload it to the root of your webhost or you may break your blog.

And you are done!
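To confirm the rule behaves as intended once it is uploaded, the access log can be checked for admin requests from non-allowlisted addresses that Apache did not answer with 403. This is an added example, not code from the original post; the allowlist addresses and log lines are constructed, and the Apache common/combined log format is assumed.

```python
import ipaddress
import re

# Assumed allowlist: the same addresses used on the "allow from" lines (constructed samples)
ALLOWED = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.0/24")]

# Apache common/combined log: client, identity, user, [time], "METHOD URL PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def is_protected(url):
    """True for anything under wp-admin/ and for wp-login.php (query string ignored)."""
    path = url.split("?", 1)[0]
    return "/wp-admin/" in path + "/" or path.endswith("/wp-login.php")

def is_allowed(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # hostname in the log instead of an IP: treat as outside
        return False
    return any(addr in net for net in ALLOWED)

def leaks(log_lines):
    """Protected requests from non-allowlisted clients that were not denied (status != 403)."""
    found = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, url, status = m.groups()
        if is_protected(url) and not is_allowed(ip) and status != "403":
            found.append((ip, method, url, int(status)))
    return found

# Constructed sample log lines
SAMPLE = [
    '203.0.113.10 - - [30/Mar/2011:10:00:01 +1100] "GET /wp-admin/ HTTP/1.1" 200 5120',
    '192.0.2.77 - - [30/Mar/2011:10:00:05 +1100] "GET /wp-admin/ HTTP/1.1" 403 210',
    '192.0.2.77 - - [30/Mar/2011:10:00:06 +1100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 48',
    '192.0.2.77 - - [30/Mar/2011:10:00:07 +1100] "GET /wp-login.php HTTP/1.1" 200 2301',
    '192.0.2.77 - - [30/Mar/2011:10:00:09 +1100] "GET /2011/03/some-post/ HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for row in leaks(SAMPLE):
        print("not blocked:", row)
```

Any row it reports is a request the allowlist did not stop, which is the cue to recheck where the .htaccess file sits and which request methods its rules cover.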

I hope you find this tip useful. If you have any alternative suggestions or comments – please do let us know.


David Correll : Editor and Founder of SocialMediaNews.com.au. I also run a Social Media Agency where I do consulting work and Social Media Management. Connect with me: Twitter | LinkedIn | Facebook or contact me here. Alternatively, you can send me an email at david@socialmedianews.com.au



