Easily restrict WordPress admin access by IP using an Apache HTTP Server .htaccess file. You may have to View > Show Hidden Files” in your FTP Cyberduck / Filezilla client. Also, instead of /public/
your web server might call the folder something else.
Create a new .htaccess file and insert the following code in your /public/wp-admin/.htaccess
file. Remember to change the redirect URL and IP address.
order deny,allow
# change your IPv4 address below
allow from 192.168.69.420
# IPv6 converter format example
# allow from 2601:5d:0098:5ee0::/64
deny from all
# redirect visitor URL
ErrorDocument 403 https://vondelphia.com
Here is a non-commented version of the .htaccess file you would place in your folder:
order deny,allow
allow from 192.168.69.420
deny from all
ErrorDocument 403 https://vondelphia.com
Limit Access to WordPress Login
You might not know, but if someone visits yourwebsite.com/login they can avoid and skip the .htaccess wp-admin block we just setup, so we want to block that too. Here is the code you’ll add to the (near) top of the main .htaccess file:
<Files wp-login.php>
order deny,allow
allow from 192.168.69.420
deny from all
ErrorDocument 403 https://vondelphia.com/forums/
</Files>
If you tried to paste that snippet to the very top of your .htaccess file, it might break your WordPress website because it does not play well with the native RewriteRule and RewriteCond.