Restrict WordPress Admin Access to Specific IP Addresses

How to restrict wp-admin access by IP; Limit WordPress admin access to specific IP; Block IP address from WordPress login; Restrict wp-login.php access by IP; WordPress admin access control by IP; How to block IP from wp-admin; Limit access to WordPress dashboard by IP; Restrict WordPress login page to certain IPs; Control WordPress admin access with IP address; How to secure wp-admin with IP restrictions;

Explanation

To keep your WordPress admin area safe, you can limit access to only certain IP addresses. This means only people from these IPs can get into the admin dashboard or login page.

Here's how it works:

  • Allowed IPs: You list the IP addresses that are allowed to access the admin area. Replace the example IPs in the code with your own.
  • Visitor's IP: The code checks the IP address of anyone trying to access the admin area.
  • Access Check: If someone tries to visit the admin dashboard or login page, the code checks if their IP is on your allowed list.
  • Access Denied: If their IP isn't on the list, they see a message saying they can't access the page.

This method helps keep unwanted visitors out of your WordPress admin area by only allowing access from specific locations.

Code

<?php
// Restrict access to wp-admin and wp-login.php to specific IP addresses

function wp_dudecom_restrict_admin_access() {
    // Define the allowed IP addresses
    $allowed_ips = array(
        '123.456.789.000', // Replace with your allowed IP address
        '111.222.333.444'  // Add more IPs as needed
    );

    // Get the visitor's IP address
    $visitor_ip = $_SERVER['REMOTE_ADDR'];

    // Check if the current request is for wp-admin or wp-login.php
    if (is_admin() || $GLOBALS['pagenow'] === 'wp-login.php') {
        // If the visitor's IP is not in the allowed list, deny access
        if (!in_array($visitor_ip, $allowed_ips)) {
            wp_die(__('You are not allowed to access this page.', 'wp-dudecom'));
        }
    }
}
add_action('init', 'wp_dudecom_restrict_admin_access');
?>

Instructions

File Location: Add the following code to your theme's functions.php file or a custom plugin file.

Prerequisites:

  • Ensure you have access to your WordPress files via FTP or a file manager.
  • Have the IP addresses you wish to allow ready.

Implementation Steps:

  1. Open your WordPress installation directory and navigate to wp-content/themes/your-theme-name/.
  2. Locate the functions.php file within your active theme's folder.
  3. Make a backup of the functions.php file before making any changes.
  4. Edit the functions.php file using a text editor.
  5. Copy and paste the provided code snippet into the file.
  6. Replace the example IP addresses in the $allowed_ips array with your own IP addresses.
  7. Save the changes to the functions.php file.
  8. Upload the modified functions.php file back to your server if you edited it locally.
  9. Test the functionality by attempting to access the admin area from an allowed and a non-allowed IP address.

If you need assistance with implementation or require more advanced functionality, consider reaching out to wp-dude.com for expert WordPress support.