Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Black list and white list WordPress login
# Add the following block to your WordPress .htaccess just above the section labeled 'BEGIN WordPress'
<IfModule mod_rewrite.c>
# Restrict login to my IP
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
# Your IP address goes below. Escape the dots with a backslash.
# Whitelist multiple IP addresses by copying and pasting the line below and
# changing the IP address to the one you want to whitelist.
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
# Send a 403 HTTP error code to all others.
RewriteRule ^(.*)$ - [R=403,L]
# Blacklist access to your entire site to particularly malicious IP addresses.
Order Allow,Deny
Deny from 81.171.75.0/24 # Mudhook Marketing VPN 81.171.75.0 - 81.171.75.255
Deny from 185.220.70.0/24 # m247 in Frankfurt, DE
Deny from 69.12.66.250
Deny from 69.12.66.250
Deny from 87.229.51.49
Deny from 146.185.26.68
Deny from 93.125.99.82
Deny from 31.31.196.209
Deny from 5.134.116.189
Deny from 146.88.235.39
Deny from 91.134.248.253
Deny from 69.162.123.154
Deny from 185.220.100.253
Deny from 23.129.64.105
Deny from 192.42.116.16
Deny from 216.239.90.19
Deny from 83.169.216.1
Deny from 81.171.57.64
Deny from 185.220.70.138
Allow from all
</IfModule>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment