Astra saved my website from the dreaded Japanese SEO hack. Have used Astra for my website's security ever since & super happy to see dozens of attacks being stopped & the support I've received Ingrid Kjelling
Owner, IK Photography

[Lesson 3] Restrict Access To wp-admin in 5 Minutes

wp-admin is the cockpit of your WordPress. You can control your whole website from the wp-admin area. This is one central area of your website that holds supreme powers. And, hence a desired target.

Now, restricting access and disabling user registration can help secure your wp-admin from hackers. Learn the step-by-step process here.


Restrict Access To wp-admin

Allowing only a select IP can resist hacker’s IP  from reaching your website. 

Here is how you can restrict others from accessing your website.

Step 1 – Connect to your website through an FTP client

Step  2 – Navigate to public_html directory>wp-admin

Step 3 – Create a .htaccess file there

Step 4 – Paste the following code there and save it-
Order, Deny, Allow
Deny from all
Allow from xx.xx.xx.xx

Edit the “Allow from” line to allow your IP address. For multiple IP whitelisting, repeat the “Allow from” in the next line and so on.


Disable User Registration 

Usually, there is a Register link on your WordPress login page. You can disable this Registration form to discourage access to wp-admin.

This will redirect visitors to the standard login form if they try to access the register form after being shown an error message.

To disable user registration on your WordPress, follow the next steps:

Step 1 – Go to your WP dash>general>settings

Step 2 – Uncheck ‘Anyone can register’ option from there.

Step 3 – Save the changes.

And, you are good to go.

Secure WordPress Site Email Course

WordPress Security Lessons

Rock solid security, amazing support

Super Secure My Business