Allow wp-admin access for specific IPs and block for others

Question

I am trying to block wp-admin page for all outside users and allow only for specific IP addresses. My website is hosted on IIS.

I tried 2 options:

1.Adding rewrite rules in IIS manager. It shows 403 for all other(correct) and 500 error for those specific IP's (incorrect).

2.I have also tried putting below code in .htaccess but this code is not doing anything. all ips can still access wp-admin page. Not sure if editing .htaccess file works as I am on IIS.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^ipaddress$
RewriteCond %{REMOTE_ADDR} !^ipaddress$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

how to fix this?

Answer 1

.htaccess file directives to restrict access to wp-admin directory

If you already have an .htaccess file in your wp-admin directory, open the .htaccess file and add the below example at the end of the .htaccess file.

If you do not have an .htaccess file in your wp-admin directory, then simply create a new one.

order deny,allow 
# Replace the below 192.168.5.1 with your IP address
deny from all
allow from 192.168.5.1(place your ip here)