How to Limit Dashboard Access in WordPress

How to Limit Dashboard Access in WordPress

In today’s tutorial, we’ll show you, How to Limit Dashboard Access in WordPress. WordPress is the most popular CMS in the world and is used to power over 60% of all websites using a CMS. With WordPress being so popular, WordPress sites are the most popular target for hackers who want to exploit the WordPress security vulnerabilities. To minimize the chances of your WordPress site being hacked, you should restrict access to the WordPress admin dashboard area and update the WordPress core, plugins and themes as soon as updates are available. Limiting the access to the WordPress admin area will help you to mitigate many common security threats. In this blog post, we will show you how to limit your WordPress site and to restrict access to the WordPress admin area, using the .htaccess file if you are using Apache as you web server, or with nginx location rule if you are using Nginx as your web server.

Limiting access to the WordPress dashboard area with .htaccess file

If you are using Apache as your web server and you have a static IP address assigned to your machine then the easiest way to restrict access to the WordPress admin area to a specific IP address is to use the .htaccess file. The .htaccess file is a hidden text file which resides in the WordPress root directory, usually named public_html. For example if your IP address is 123.123.123.123 to allow access to the WordPress admin area and to the WordPress login page only to your IP address, open the .htaccess file and add the following:

RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ 
RewriteCond %{REMOTE_ADDR} !^123.123.123.123$
RewriteRule ^(.*)$ - [R=403,L]

The rule above will show a 403 Forbidden message to anyone trying to access the WordPress admin area and WordPress login page except to the allowed IP address 123.123.123.123.

Limiting access to the WordPress dashboard  area with nginx rule

If you are using nginx as your web server then instead of editing .htaccess file you need to add the following location rule to your domain Nginx server block:

location ~ ^/(wp-admin|wp-login\.php) {
    allow 123.123.123.123;
    deny all;
}

Same as before, the rule above will show A 403 Forbidden message to anyone trying to access the WordPress admin area and WordPress login page except to the allowed IP address 123.123.123.123.

If you have a dynamic IP address, is not recommended to restrict access to the WordPress admin area to a single IP address because your IP address will change when you restart your router and you will not be able to access the WordPress admin area.


If you use one of our WordPress VPS Hosting services, you can simply ask our expert Linux admins to protect your WordPress site and to restrict access to the WordPress admin area for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, on how to restrict dashboard Access in WordPress,  please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

Leave a Comment