Apache modules
Already we have solidified login to WordPress, some interface tools, and the server. Let's fill some gaps by restricting access and protecting specific web directories.
IP deny with mod_access
Apache offers a sure-fire way to lock down admin, care of the mod_access module.
Similar to cPanel's IP Deny Manager, the greater flexibility of hand-coding empowers us to allow or deny all but specified IP addresses, domains, hosts, and networks.
For now, we'll prevent access to the wp-admin directory pages for all IPs except yours.
Open an htaccess file in your wp-admin directory via your control panel or the terminal:
nano /path/to/WP-root/wp-admin/.htaccessAdd these lines, swapping the IP for yours:
order deny,allow deny from all allow from 123.45.67.890
Need access from more IPs? Just add more alongside the first one, single space separated.
But. If your IP address is dynamic, which very often it is, you may find this method a little too effective. If you do become locked out, cruise server...
