I am trying to block wp-admin page for all outside users and allow only for specific IP addresses. My website is hosted on IIS.
I tried 2 options:
1.Adding rewrite rules in IIS manager. It shows 403 for all other(correct) and 500 error for those specific IP's (incorrect).
2.I have also tried putting below code in .htaccess but this code is not doing anything. all ips can still access wp-admin page. Not sure if editing .htaccess file works as I am on IIS.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^ipaddress$
RewriteCond %{REMOTE_ADDR} !^ipaddress$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
how to fix this?
.htaccess file directives to restrict access to wp-admin directory
If you already have an .htaccess file in your wp-admin directory, open the .htaccess file and add the below example at the end of the .htaccess file.
If you do not have an .htaccess file in your wp-admin directory, then simply create a new one.