Security is an important part of managing a website. Unfortunately, it's likely that someone will end up trying to enter your dashboard without your consent. It's up to you to put up enough defenses that they don't succeed.

There are many ways to protect your WordPress site. In most cases, you should focus on securing your login page and dashboard as they are the most likely targets of attacks. With that in mind, this article will teach you how to “whitelist an IP address” in order to access your dashboard. Let's get to work!

What is whitelisting (and why it is an effective security measure)

When you add an IP address to the whitelist to access a specific page, it means that no one, except computers with that address, will be able to access your dashboard. For example, if you are working alone, you can tell WordPress to block access to any IP address that is not yours, so no one other than you can access the dashboard.

"Blacklisting", on the other hand, consists of preventing certain IP addresses from accessing a page. It's also effective, but not as efficient as whitelisting. After all, it's easier to whitelist a handful of addresses than to blacklist hundreds of potential attackers. Let's talk a bit more about the other benefits of whitelisting:

  • You have complete control over who has access to your pages. We've only referred to your dashboard so far, but you can implement this feature for any part of your website.
  • Attackers cannot access your dashboard, even if they have credentials. If someone can find your username and password, they still won't be able to access your dashboard without physical access to your computer.
  • You can whitelist as many IP addresses as you want. WordPress allows you to add as many addresses as you want to your master list.

That said, whitelisting IP addresses is often harder to set up if you are part of a large team. Sometimes you or your teammates may need to work from a different computer, which means you will need to whitelist other addresses, and so on. From a security perspective, this is a fantastic option, but you need to assess whether it's viable for your site before implementing it.

How to add an IP address in the whitelist (in 2 steps)

Before going any further, you should create a backup of your website if you don't have a recent one available. We will modify one of the core WordPress files in the sections below, so you should make sure that you have a copy in case something goes wrong.

Step 1: Make sure you (and your colleagues) have a static IP address

Not everyone has a static IP address, which can turn maintaining a whitelist into a headache. Before implementing this feature, you should verify that each member of your team has a static IP address (or knows how to set one on their computer).

If someone fails to assign themselves a static IP address, don't despair. In some cases, your Internet Service Provider (ISP) will configure it for you. If all else fails, you can use a virtual private network (VPN) service that offers dedicated IPs as a feature.

Keep in mind that most VPN providers will charge you a premium for a dedicated IP address, so this option only makes sense if you need such a service to work.

Step 2: Open and edit your .htaccess file

In this section, we'll configure your whitelist of IP addresses by adding a few lines of code to your WordPress .htaccess file. To access it, you need to use an FTP (File Transfer Protocol) client, such as FileZilla.

First, log in to your website using your FTP credentials and go to your WordPress root folder, which could also be called public_html, www, or the name of your website:

[Image: WordPress public_html folder]

Once you're in, look for the .htaccess file and right-click on it. Now select the View/Edit option, which will open the file using your default local text editor. Your .htaccess file should look like the image below. However, some web hosting providers implement their own settings for their users, so don't panic if there is extra code:

[Image: sample .htaccess file]

Either way, don't make any changes to the code if you're not sure what it will do. For now, look for the line # END WordPress and paste the following snippet just above it:

RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^FIRST_IP_ADDRESS$
RewriteCond %{REMOTE_ADDR} !^SECOND_IP_ADDRESS$
RewriteRule ^(.*)$ - [R=403,L]

You will notice that there are two placeholders for IP addresses that you can add to your whitelist. Just replace the values FIRST_IP_ADDRESS and SECOND_IP_ADDRESS with the IP addresses you want to add, and that's it.

If you want to add more IP addresses, just copy and paste additional IP address lines into the code before the line that ends with [R=403,L]. This tells WordPress what to do for addresses that aren't on the list. In this case, it returns a 403 error.

To further secure your website, you can ask WordPress to block access to your dashboard and to your login page for addresses that are not in your whitelist. Here is the code you will need:

RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^FIRST_IP_ADDRESS$
RewriteCond %{REMOTE_ADDR} !^SECOND_IP_ADDRESS$
RewriteRule ^(.*)$ - [R=403,L]

When you are done adding IP addresses to your whitelist, you can save the changes to your .htaccess file and close it. Now FileZilla will ask you if you want to replace the version on your server with this new version. Say "Yes", and that's it - you've just taken a giant leap towards protecting your WordPress site from attackers!
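
The check below is an added example, not part of the original article's code: it emulates the conditions of the second snippet in Python to show which request paths get the 403 when the client address is not on the whitelist. The wider wp-admin pattern, the sample URIs and the IP addresses are assumptions constructed for illustration.

```python
import re

# URI conditions from the page's second snippet (the two are joined by [OR]).
PAGE_URI_PATTERNS = [r"^(.*)?wp-login.php(.*)$", r"^(.*)?wp-admin$"]
# Assumption (not from the page): also match everything below /wp-admin/.
WIDER_URI_PATTERNS = [r"^(.*)?wp-login.php(.*)$", r"^(.*)?wp-admin(/.*)?$"]

# Constructed whitelist using documentation-range addresses.
ALLOWED_IPS = ["203.0.113.10", "198.51.100.7"]


def is_forbidden(uri, remote_addr, uri_patterns, allowed_ips=ALLOWED_IPS):
    """Emulate the rule: 403 when a URI condition matches and every
    '!^IP$' condition holds, i.e. the client is not on the whitelist."""
    uri_matches = any(re.search(p, uri) for p in uri_patterns)
    # Each RewriteCond %{REMOTE_ADDR} !^IP$ is true when the address differs.
    not_whitelisted = all(
        re.search("^" + ip + "$", remote_addr) is None for ip in allowed_ips
    )
    return uri_matches and not_whitelisted


def coverage(uri_patterns, remote_addr="192.0.2.50"):
    """Return {uri: forbidden?} for constructed requests from an unlisted IP."""
    sample_uris = [
        "/wp-admin",
        "/wp-admin/",
        "/wp-admin/index.php",
        "/wp-admin/admin-ajax.php",
        "/wp-login.php",
        "/blog/hello-world/",
    ]
    return {u: is_forbidden(u, remote_addr, uri_patterns) for u in sample_uris}


if __name__ == "__main__":
    for name, pats in (("page", PAGE_URI_PATTERNS), ("wider", WIDER_URI_PATTERNS)):
        print(name)
        for uri, blocked in coverage(pats).items():
            print(f"  {'403' if blocked else 'pass'}  {uri}")
```

The wider pattern also returns 403 for /wp-admin/admin-ajax.php, which some themes and plugins call from public pages, so check the site's front end after changing the rule.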

Conclusion

When you add an IP address to your whitelist, you are telling WordPress to only give that computer access to your dashboard. This means that addresses that are not on your master list will not be able to load the dashboard at all. In other words, even if someone succeeds in stealing your credentials, they will not be able to access your website.

The best part is that the implementation of this feature is rather simple and consists of two steps:

  1. Make sure that you and your colleagues have static IP addresses.
  2. Open and edit your .htaccess file.

Do you have questions about how to put an IP address in a whitelist on WordPress? You can ask your questions in the comments!