Restrict access to wp-admin & other backend login options

I have wordpress setup to where it should restrict access to the backend items based on IP address, however it’s blocking it even with the Public IP address.

If you’d want to allow only one or multiple IP address(es) to access the wp-login.php page adn block everyone else from accessing it, I’d suggest you to create a WAF rule where:

That way, only your public IP (or VPN IP?) is allowed while everyone else is blocked if they try to access wp-login.php page.

Furthermore, you don’t want to block the “wp-admin” and anything below it since WordPress themes, plugins, etc. uses resources (JS and CSS files) and has Ajax requests through it. If you’d block “wp-admin”, your Website would experience crashes and bugs, not working as expected, etc.

Otherwise, a better way would be to use Cloudflare Access in such case.

Great step-by-step tutorial how to configure it at the articles from below:

Other suggestion:

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.