To protect sensitive parts of your website—such as your WordPress admin area—from unauthorised access, you can limit access to specific IP addresses. This is an effective way to prevent hackers or bots from even reaching the login screen.

Note: Use this method only if your IP address is static (doesn’t change regularly). If your IP changes frequently, you may lock yourself out and need server-level access to restore access. Always take a backup of your .htaccess file before making changes.

Step 1. Log in to your cPanel account.

Step 2. Open the File Manager from the Files section.

Step 3. Navigate to the directory you wish to protect. For WordPress sites, this is usually the wp-admin folder.

Step 4. If the .htaccess file does not exist inside this folder, click +File to create one named .htaccess.

Step 5. Right-click the file and select Edit. Then, paste the following code:

order deny,allow
deny from all
allow from YOUR-IP-ADDRESS-HERE

Step 6. Replace YOUR-IP-ADDRESS-HERE with your actual IP address (e.g. 203.0.113.5).

This configuration blocks access to everyone except the IP address specified. If you want to allow access from more than one IP, simply add another allow from line beneath it:

allow from 203.0.113.5
allow from 198.51.100.27

Once set, attempts to access the directory from other IP addresses will be blocked entirely.

Was this answer helpful? 0 Users Found This Useful (0 Votes)