Table of Contents
WordPress holds a leading position in the Content Management System (CMS) industry, enjoying a market share of over 60%. In other words, the dynamic CMS is powering over 75 million websites on the Internet, including 30% of the top million global sites.
However, the platform’s ability to bless millions of online businesses with bread and butter is what makes it a potentially significant target for cybercriminals. In fact, according to WordFence, over 90,978 hacking attempts are made every minute on small or big WordPress websites globally.
The worst part is that insecure and stolen passwords are the primary cause of 81% of the attacks on WP installations.
This being said, it is essential to fortify your WP installation with the best tool you have in your arsenal. There are several ways you can go about with your WP security. For instance, you can use SSL certification, configure the lockdown feature, change passwords, or, best of all, you can whitelist IP addresses in WordPress.
In today’s post, we will discuss what IP whitelisting is and how to whitelist IP in WordPress.
What are Whitelisting IP Addresses?
Have you ever used an elevator that uses a key-card for access? Luxurious condos and corporate buildings usually use it. In such places, the elevators are accessible to only authorized users who have specific vital cards.
WordPress whitelisting works in a similar fashion to that of an elevator key card. When you whitelist an IP address, you authorize specific IP addresses to access the entire website or any part of it, such as its dashboard. The best part of this feature is that it is set up at the server level and not the end-user level.
This makes IP whitelisting an excellent and effective security solution that restricts any unauthorized access to your WordPress for good.
You should also keep in mind that there’s a stark difference between whitelisting and blacklisting. If whitelisting commands servers to authorize access to only a specific IP, then a blacklist tells servers to block specific IPs’ access to a website.
How to Whitelist IP Addresses in WordPress
Restricting WordPress admin access by IP is relatively easy to configure. Regardless, here is how you can whitelist IP addresses in WordPress.
Whitelist IP Address via .htaccess
If you are okay doing some manual configuration on a root file on WordPress, this is the method you should choose. However, before getting started, make sure that you have listed and double-checked all the IP addresses that you want to whitelist for WordPress access. Secondly, it is recommended that you take a backup of your WP site, just in case things go south.
Locate .htaccess File
To get started, you first need to locate the .htaccess file in your WordPress folder. Htaccess is a pretty powerful configuration file that not only allows you to whitelist IPs but also redirects for specific pages.
There are two ways you can access the .htaccess file. If you have installed a File Transfer Protocol (FPT) client, you can launch the app and go to the WordPress root folder. You can find the .htaccess in the folder there.
Or, you can go to the WordPress CPanel, Filer Manager Tool, public_html, and then the .htaccess file.
Edit the .htaccess
Right, click the .htaccess file to view or edit the file. After opening the file, you need to copy/paste the following codes:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^IP_ADDRESS_ONE$
RewriteCond %{REMOTE_ADDR} !^IP_ADDRESS_TWO$
RewriteRule ^(.*)$ – [R=403,L]
</IfModule>
In this shortcode, you can replace the ^IP_ADDRESS_ONE$ with the real IP that you want to whitelist. Similarly, you can copy/paste the same lines if you want to authorize multiple IPs. However, make sure that you don’t remove the “^” and “$” symbols from the code.
The code above allows you to restrict access to the login page of your WP site as well as the dashboard. After making the changes to your .htaccess file, save the file and test the newly added security defense system to make sure that the feature is working.
Whitelist IP Address via Plugin
One of the benefits of working on a WP platform is that you get to play with a plethora of WP plugins that give you added functionality. Likewise, if you are not comfortable with manual configuration for IP whitelisting, you can always opt for a reliable WP plugin.
The plugin will allow you to skip the above steps and whitelist one or more IPs right from the WP dashboard. You can toggle on or off the plugin whenever you want.
The Security Benefits of Restricting Admin Access by IP in WordPress
IP whitelisting reinforces the security of your WordPress platform by many folds. For starters, it blocks unauthorized users from accessing your WP dashboard or tinkering with its security settings or database.
It is a much efficient security measure than complex passwords or two-factor authentications. After all, we have read about hackers gaining access to password-secured databases or breaching systems that were using two-factor authentication.
However, the beauty of this feature is that any unauthorized user won’t be able to get access to the WP website even with the right credentials. Moreover, whitelisting also acts as a robust security measure against SQL Injection that are usually carried out on web pages that have input fields.
By whitelisting multiple IP addresses, you can control who gets access to the backend of your website and who doesn’t.
The Drawback of Restricting WordPress Admin Access by IP Addresses
While IP whitelisting is a good security measure, it comes with its drawbacks. For starters, you won’t be able to effectively use the feature when you are on a home network. After all, the home network tends to change the IP address every time the switch is restarted.
Similarly, you won’t be able to log into the WP dashboard when you are on public Wi-Fi, such as in cafés, restaurants, etc.
If you are working with remote workers, you will have to make it mandatory for them to share their IPs every time they switch networks.
It is because of all these issues that shared, or public IP addresses aren’t recommended for whitelisting. However, you can tackle this problem with a dedicated IP address.
Easy accessibility with IP whitelisting via PureVPN’s dedicated IP VPN.
IP Whitelisting – Get Dedicated IP & Whitelist Your IP Address
How PureVPN’s Dedicated IP Can Help?
A dedicated IP address, aka Fixed IP or Static IP, is your IP that never changes no matter what network you join. Consequently, it is a perfect IP for whitelisting in your WordPress.
Plus, with Dedicated IPs, you are in more control of the Internet than the Internet is of you. For starters, you can fix the dedicated IP to your accounts or bank account to make secure transactions from anywhere. You can also access your home IP camera network, and more.
PureVPN is one of the only few VPNs that provide dedicated IPs with a VPN. We have dedicated IPs from over six different countries, including the US, the UK, Canada, and more.
Getting PureVPN’s IP Whitelisting via Dedicated IP is simple:
- Choose the IP Whitelisting plan of your choice
- Select the Dedicated IP location
- Subscribe to PureVPN
- Enjoy IP Whitelisting with PureVPN
IP Whitelisting – Get Dedicated IP & Whitelist Your IP Address
FAQs
- What does it mean to whitelist a site?
A whitelist site is a stamped approval which gains you authorized access to enter a specific area in the digital world. By whitelisting, you can send out emails that directly land in the recipient’s inbox. - Is IP whitelisting secure?
IP whitelisting is a security feature that is used to limit and control access to reliable users. With IP whitelisting, you can create a list of trusted IP addresses that can only access your domain.
PureVPN
June 20, 2023
10 months ago
