Skip to content

Instantly share code, notes, and snippets.

@robin-scott
Created October 19, 2018 08:37
Show Gist options
  • Save robin-scott/6b5b78e713633f797657a91a1e104072 to your computer and use it in GitHub Desktop.
Save robin-scott/6b5b78e713633f797657a91a1e104072 to your computer and use it in GitHub Desktop.
Deny access to wp-admin BUT allow ajax to be used in WordPress
// Add this to an .htaccess file at the top of the wp-admin directory to lock down this section of your site to only trusted IP addresses - BUT still allow ajax access
// By Robin Scott of Silicon Dales - details here: https://silicondales.com/tutorials/wordpress/lock-out-all-traffic-except-your-ip-from-login-admin/
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
Order Deny,Allow
Deny from all
Allow from X.X.X.X
@sh4wn007
Copy link

Hello Robin,
I have tried this. However, when I try to visit https://mywebsite.com/wp-admin on my wordpress website, it blocks it, but the same screen is accessible through https://mywebsite.com/wp-login.

So, it does not seem to be working. Any solution?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment