i’m trying to restrict access to admin dashboard (wp-admin.php) by specific static ip so tried to add .htaccess to the wp-admin and set
<FilesMatch "admin\.php$">
Order deny,allow
Deny from all
Allow from 10.0.0.0/24
</FilesMatch>
but is not working and tried to install bulletproof plugin too and change the
<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
Allow from 000
</IfModule>
</IfModule>
</FilesMatch>
but not working to please any help and many thanks in advance.
1 Answer
By the time admin_init rolls around you should know if you’re doing AJAX or not. If you’re not, then check the IP. Keep in mind that anyone can fake that number.
add_action('admin_init', function() {
if(defined('DOING_AJAX') && DOING_AJAX) {
return; // ignore ajax
};
$ip = $_SERVER[ 'REMOTE_ADDR' ];
if($ip !== '10.0.0.0') {
wp_die(__('You are not allowed to access this part of the site'));
}
});