How to Block WordPress Admin Access by IP Address with NGINX

Block WordPress Admin Access by IP Address

Security is absolutely critical, particularly for those using WordPress for their websites.

In recent months and years, it has become clear that WordPress frequently falls victim to hacking, primarily due to vulnerabilities in third-party plugins.

Restricting admin access to known IP addresses is essential to effectively preventing code injections through the WordPress Admin area. This strategy is also necessary to thwart brute-force attacks.

Here, you will learn how to configure the NGINX Virtual Host in cPanel to restrict WordPress Admin access by IP address. Take action now to safeguard your site!

First, log in to cPanel and navigate to the domain where WordPress is installed.

[Screenshot: Add Domains]

Next, open the Vhost Editor to make changes to the NGINX vhost. By default, the vhost appears as follows:

[Screenshot: NGINX Vhost]

Add the lines below after the {{basic_auth}} placeholder:

[Screenshot: Addition After Placeholder]

We suggest adding a comment next to each IP address to indicate its owner.

In the previous lines, we specified the locations for wp-login and wp-admin. All URLs that contain wp-login or wp-admin will only be accessible for the IPs 8.8.8.8 and 6.6.6.6.
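A sketch of what such a location block can look like, added here as an example and not taken from the original page or from the panel's own templates. The regex, the owner labels in the comments, and the remark about the PHP handler are assumptions.

```nginx
# Added example, not the original page's configuration.
# Place inside the server { } block, after the {{basic_auth}} placeholder.
location ~ (wp-login|wp-admin) {
    allow 8.8.8.8;  # Office (constructed owner label)
    allow 6.6.6.6;  # Admin, home connection (constructed owner label)
    deny  all;      # any other client address receives 403

    # allow/deny are evaluated in order against the connecting address;
    # the first rule that matches decides.

    # Assumption: the vhost serves PHP through another location block.
    # NGINX picks a single location per request, so the handler directives
    # that block uses (proxy_pass or fastcgi_pass and their parameters)
    # must be repeated here, otherwise allowed clients reach a location
    # with no PHP handler.
}
```

Because the regex matches any URL containing wp-admin, /wp-admin/admin-ajax.php is restricted too, so front-end features that call it stop working for visitors outside the list. If NGINX sits behind a CDN or load balancer, the connecting address is the proxy's, so the client address has to be restored with the realip module before these rules are meaningful.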

The final virtual host configuration should appear as follows:

[Screenshot: Final Vhost]

Working Test

To verify that the restriction is functioning as intended, we can remove our IP address from the location and send a cURL request to check for the 403 status code.

We will send a GET request via cURL to wp-login.php.

The response clearly shows the expected 403 status code.

[Screenshot: 403 Status Code]

Open the URL in your browser to verify the 403 error.

Conclusion

In conclusion, blocking WordPress admin access by IP address using NGINX is a crucial security measure that effectively safeguards your site from unauthorized access and potential attacks.

Configuring NGINX to restrict access to the wp-admin section is essential for significantly reducing the risk of brute force attacks and other malicious activities.

This strategy not only reinforces your site’s security but also ensures controlled access, allowing only trusted users to manage your WordPress dashboard. 

Take this step to protect your website and maintain its integrity.
