How to whitelist IP addresses on WordPress?

On WordPress, a whitelist (allowed list) permits authorised visitors while blocking access to those who are not supposed to enter. Here is our guide to help you apply this technique to IP addresses on WordPress, using the .htaccess file.

Think of an office building. To enter it, you must first pass through reception, which holds a list of appointments to verify that each person is expected. Those who are on the whitelist (in other words, on the appointments list) can come in.

The same principle applies to your WordPress site. The logic works in exactly the same way, but in the digital realm. The whitelist therefore allows you to restrict access to your IP address and prevent anyone from doing as they please.

The role of the whitelist

We hear a lot about the "blacklist" but rather less about the whitelist. It is important insofar as it can control who can access or not access your WordPress site — whether that is the entire website or a specific area, such as the wp-admin dashboard. It instructs your server on which IP addresses are permitted and can block access to all others. The whitelist tells the server to block all traffic except from the specified IP addresses. Unlike the blacklist, which deals with blocking a handful of malicious actors, the whitelist is useful for locking down access entirely.

Why whitelist IP addresses?

Whitelisting IP addresses offers several benefits:

• It strengthens your site's security by controlling access to sensitive areas of your WordPress site, such as your dashboard
• It helps restrict access to your site
• Authorised IP addresses can access specific areas of your site
• It can be very useful for a development site. For example, if you are planning to launch a new site, you may not want people to be able to inspect every element before you are ready. By adding IP addresses to your whitelist, you and other authorised users can view your current WordPress site, whilst no one else will be able to visit it until you have launched.

How to create a whitelist of IP addresses?

For this process, you simply need to manually edit one of your WordPress files to implement this feature. Before you begin, it is advisable to back up your site. Then make sure you have a list of the IP addresses of all your team members or of those whose access you are authorising. To confirm these are indeed their IP addresses, a simple tool such as IP Location Finder can be used — it will be able to visit your site, to note down each IP address and share them with you.

How to whitelist IP addresses using Apache .htaccess

Most WordPress hosts use the Apache web server, which means you can add IP addresses to the whitelist using an .htaccess file.

The .htaccess file allows basic configuration that you can use to modify Apache's behaviour, folder by folder. For example, in addition to helping you add IP addresses to the whitelist, this file can also configure redirects.

Accessing the .htaccess file

To access this file, connect to your WordPress site via FTP and locate it in the root folder.

• Use the File Manager tool in cPanel
• Locate the .htaccess file via FTP
• Make a copy of your .htaccess file in case you make an error
• Enter the following code snippets:

order deny,allow

deny from all

allow from 123.123.123.123

If you wish to add several IP addresses to the whitelist, simply add another "allow" line like this:

order deny,allow

deny from all

allow from 123.123.123.123

allow from 234.234.234.234

To block access to your wp-admin and wp-login.php pages, enter the following code snippet:

RewriteEngine on

RewriteCond %{REQUEST_URI} ^(.)?wp-login.php(.)$ [OR]

RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$

RewriteCond %{REMOTE_ADDR} !^123.123.123.123$

RewriteRule ^(.*)$ - [R=403,L]

Make sure to replace the example IP address with your own, but leave the backslashes in place. Simply replace the numbers "123" with the correct ones. As before, you can add multiple IP addresses to the whitelist by duplicating the line containing the IP address, like this:

RewriteEngine on

RewriteCond %{REQUEST_URI} ^(.)?wp-login.php(.)$ [OR]

RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$

RewriteCond %{REMOTE_ADDR} !^123.123.123.123$

RewriteCond %{REMOTE_ADDR} !^234.234.234.234$

RewriteRule ^(.*)$ - [R=403,L]

Make sure to save your changes!

Whitelisting IP addresses with a WordPress plugin

If you would rather not delve into your .htaccess file, there are also plugins that can help you add IP addresses to your whitelist, such as Cerber Security. They do not completely block unauthorised IP addresses, but they help to lock down your login page for all IP addresses that are not on the whitelist.

We do, however, recommend using your .htaccess file. This will guarantee optimal security and broaden your knowledge in this area at the same time!

Source: Managewp.com

YOU MIGHT ALSO LIKE

UGC, the future of marketing: How user-generated content can revolutionise your marketing strategy

by Yumea, 7 March 2023

UGC (User Generated Content) is changing the game in the world of marketing. With the rise of social media and content-sharing platforms, the ... READ MORE

Category: News , Getting visible online , Social media

Comments: 0

How to use Instagram to reach your audience and drive traffic to your site?

by Yumea, 1 February 2023

Social media has become an indispensable tool for businesses looking to reach their target audience and drive traffic to their website. With more than 3.8 billion active social media users worldwide ... READ MORE

Category: Getting visible online , Instagram , Social media

Comments: 0

7 Artificial Intelligence (AI) tools you need to know in 2023

by Yumea, 12 January 2023

In 2023, there are many sites that use artificial intelligence (AI) to help users write content and generate images. If you are looking for tools to help you write ... READ MORE

Category: News

Comments: 0