We can prevent wordpress admin login from unauthorized access using .htaccess file. Here we are allowing admin login from the authorized ip address.
1. Create a .htaccess file in the document root if you don't have one. If you already have a .htaccess file, open the file using your favourite editor and add the following lines to it.
2. Replace the x\.x\.x\.x using your IP address
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^x\.x\.x\.x$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule> - Multiple IP Address Access
1. In case If you are using multiple IP address add the lines as follows
2. Replace the x\.x\.x\.y with your IP addresses
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^x\.x\.x\.1$
RewriteCond %{REMOTE_ADDR} !^x\.x\.x\.2$
RewriteCond %{REMOTE_ADDR} !^x\.x\.x\.3$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule> - Dynamic IP Address Access
1. In case If you have dynamic IP address which changes frequently we can set access based on the domain name of the system.
2. Add the following line to .htaccess file and replace the example\.com with your domain name.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_REFERER} !^http://(.*)?example\.com [NC]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteRule ^(.*)$ - [F]
</IfModule>
