How to hide your WP-admin Directory from the World: WordPress Tip
Here is a useful WordPress tip/ hack that will not only increase the security of your blog, but also make it look more professional in my opinion.
Often I am looking at a nice website, that I think it may be built on WordPress. To check this people often enter wp-login or wp-admin at the end of the URL to check if indeed the site is a WordPress setup.
I don’t think having the general public accessing this link is particularly professional or secure, unless you have your wp-admin area on a SSL encryption which is not realistic unless you have a high traffic / money generating website.
I have noticed in my website logs many people are hitting my wp-login or wp-admin pages. I would prefer if this doesn’t happen.
There are many ways to stop people accessing this by hacking/recoding various WordPress files, but in my opinion this is getting a bit messy, especially should you want to revert the changes at a later date.
An easier way to achieve blocking access to wp-login and wp-admin is by adding a new .htaccess file to the root of your wp-admin folder.
Note: wp-admin folder NOT blog root.
Here are the steps:
1. create a new .htaccess file using notepad
2. drop the following code into the file;
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “Example Access Control”
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from xxx.xxx.xxx.xx
allow from xxx.xxx.xxx.xx
</LIMIT>
3. Where you see xxx – replace this with the IP addresses you would like to allow to the wp-login and wp-admin.
One IP address on each line
You can add multiple lines of: allow from xxx.xxx.xxx.xx
This would be useful if you have multiple places you login from, or have multiple authors posting content/ articles.
4. Upload the .htaccess file to the root of your wp-admin folder
This is very important, don’t upload it to the root of your webhost of you may break your blog.
And you are done!
I hope you find this tip useful. If you have any alternative suggestions or comments – please do let us know.