By default your WordPress login page is open to everybody: anyone can type /wp-admin or /wp-login.php after your domain name and reach your site's entry point. Once there, they try to get into your dashboard by attempting one login after another. You should always be aware of malicious visitors who try to break your site login. Most of the time they use automated brute force tools to guess your WordPress username and password. To protect your site from brute force attacks and hackers you must take several security measures. Here we will see how to limit access to the WordPress login page (wp-login.php) by IP address, which is one of the strongest security measures for private blogs.
Early in this blog's life we published a detailed article about preventing a WordPress site from being hacked. That article covers some basic security tips. To reduce the risk you have to follow them: maintain strong passwords, do not use the default username admin, and so on. We have also posted about limiting the number of login attempts, which is useful for blocking a user who tries more than a specified number of logins. Still, the best protection is double locking your WordPress admin directory, which adds an additional authentication step.
How to limit access to the WordPress login page by IP address
Brute force attacks are carried out by software that aims to gain entry to your site. It tries multiple combinations of usernames and passwords again and again until one succeeds. Such heavy attacks can also exhaust your server's memory, so that it suddenly stops responding. If you are the only one running your blog (a private blog or website), you can deny your site login to everybody except yourself.
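<Files wp-login.php>
# Apache 2.2 syntax; Apache 2.4 accepts it only with mod_access_compat loaded
Order Deny,Allow
Deny from all
# Only allow this IP
allow from xx.x.xxx.xx
# Allow another IP
allow from xx.x.xxx.xx
</Files>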
To limit access to the WordPress login page by IP address, copy the code above and paste it at the very top of your site's .htaccess file, above everything else. Next, replace xx.x.xxx.xx with your IP address, and make sure that your IP address stays static, or else you will have to change it every time. The second IP address is optional; you can remove it if you want. Hopefully your single-author WordPress blog is now much safer than before.
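To confirm the rule is in effect, you can audit the access log for wp-login.php requests from addresses outside the allowlist that were not answered with 403. The following is an added example, not code from the original post. It assumes Apache's combined log format; the allowlist addresses, the sample log lines and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed allowlist (documentation-range addresses standing in for your own).
ALLOWED = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.0/24")]
# Apache "combined" log line: client ident user [time] "method target proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def is_allowed(client):
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in ALLOWED)

def audit(lines):
    """Return (leaks, blocked) for wp-login.php requests from non-allowlisted IPs."""
    leaks, blocked = [], Counter()  # leaks: not answered with 403; blocked: 403s per IP
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        client, method, target, status = m.groups()
        # <Files> matches the file name in any directory, so compare the basename.
        if target.split("?", 1)[0].rsplit("/", 1)[-1] != "wp-login.php":
            continue
        try:
            if is_allowed(client):
                continue
        except ValueError:
            continue  # client field is a hostname, not an IP address
        if status == "403":
            blocked[client] += 1
        else:
            leaks.append((client, method, target, status))
    return leaks, blocked

# Constructed sample log lines, not taken from a real server.
SAMPLE = [
    '203.0.113.10 - - [12/Mar/2024:09:00:01 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2024:09:02:10 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "curl/8.4.0"',
    '192.0.2.44 - - [12/Mar/2024:09:02:11 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "curl/8.4.0"',
    '192.0.2.77 - - [12/Mar/2024:09:05:30 +0000] "GET /blog/wp-login.php?action=lostpassword HTTP/1.1" 200 2841 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2024:09:06:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "curl/8.4.0"',
]

if __name__ == "__main__":
    leaks, blocked = audit(SAMPLE)
    print("blocked:", dict(blocked))
    print("leaks:", leaks)
```

If the site sits behind a reverse proxy or CDN, the client field holds the proxy's address, for the log and for the allow rule alike, unless Apache is configured to restore the real client IP.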