WordPress is the most popular Content Management System in the world, powering around 60% of all the websites that use a CMS. WordPress sites are also the most popular target for hackers, so it is essential to secure a WordPress website. Two measures are crucial: restricting access to the WordPress admin dashboard, and updating the WordPress core files, plugins and themes whenever updates are available. Limiting access to the WordPress admin dashboard removes many security threats. Let's look at how to limit WordPress admin dashboard access via a plugin and via the .htaccess file.
1) Log in to the WordPress admin dashboard of your website.
2) Install the plugin named “Remove Dashboard Access”.
3) After the installation and activation, navigate to Settings >> Dashboard Access to configure the plugin.
4) The “Remove Dashboard Access” plugin lets you choose which user roles can access the dashboard. You can choose administrators; editors and administrators; or authors, editors, and administrators, as shown in the screenshot below.
As another method, you can limit access by capability. That is, you can control what kinds of activities the user can perform. You can also redirect restricted users to another page of your website with the “Redirect URL” option. The next option is “User profile Access”, which allows or disallows users to edit their profiles; check the box if you need this enabled. Once you are done with the settings, click the Save changes button. This will restrict all unwanted users from accessing your WordPress dashboard.
Now let’s look at how to limit users from accessing the WordPress dashboard via the .htaccess file.
1) SSH into the server as root or with user privileges.
# ssh root@IP
or
# ssh user@IP
2) Navigate to the document root of your WordPress website and open the .htaccess file with your favorite text editor.
# cd /document root of your website/
# vi .htaccess
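3) Add the following code to it.
RewriteEngine on
# Match requests for wp-admin or wp-login.php ...
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$
# ... that do not come from the allowed IP address
RewriteCond %{REMOTE_ADDR} !^Your Public IP Address$
# Answer those requests with 403 Forbidden
RewriteRule ^(.*)$ - [R=403,L]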
Replace “Your Public IP Address” with your actual public IP address, which you can get from the link: http://ip.is.cc/ . Now save the file.
The rule we added returns a 403 error to users who try to access the WordPress dashboard of your website from any other IP address.
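To see which requests the rule above answers with 403, the following added example (not part of the original article) models its three conditions with Python's re module, which matches these simple patterns the same way mod_rewrite does. The function names and the documentation-range IP addresses are assumptions made for illustration.

```python
import re

# URI patterns copied from the .htaccess rule on this page.
URI_CONDS = [r"^(.*)?wp-admin$", r"^(.*)?wp-login\.php(.*)$"]


def ip_condition(allowed_ip):
    """Build the REMOTE_ADDR pattern with dots escaped and both anchors kept."""
    return "^" + re.escape(allowed_ip) + "$"


def is_blocked(request_uri, remote_addr, allowed_ip):
    """Return True when the rule would answer 403.

    The two URI conditions are joined by [OR]; that result is then ANDed
    with the negated REMOTE_ADDR condition, as mod_rewrite evaluates them.
    """
    uri_hit = any(re.search(p, request_uri) for p in URI_CONDS)
    ip_differs = re.search(ip_condition(allowed_ip), remote_addr) is None
    return uri_hit and ip_differs


def audit(allowed_ip, other_ip, uris):
    """Map each URI to (blocked for other_ip, blocked for allowed_ip)."""
    return {u: (is_blocked(u, other_ip, allowed_ip),
                is_blocked(u, allowed_ip, allowed_ip)) for u in uris}


# Constructed sample data: RFC 5737 documentation addresses, and paths as
# REQUEST_URI sees them (path only, no query string).
ALLOWED = "203.0.113.10"
VISITOR = "198.51.100.7"
SAMPLE_URIS = [
    "/wp-login.php",
    "/blog/wp-login.php",
    "/wp-admin",
    "/wp-admin/",
    "/wp-admin/index.php",
    "/index.php",
]

if __name__ == "__main__":
    for uri, (visitor, admin) in audit(ALLOWED, VISITOR, SAMPLE_URIS).items():
        print(f"{uri:24} visitor={'403' if visitor else 'pass'} "
              f"allowed_ip={'403' if admin else 'pass'}")
```

The first condition matches only paths that end in wp-admin, so /wp-admin/ and files below it are not caught by it. WordPress sends unauthenticated visitors of admin pages to wp-login.php, which the second condition does cover.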
We have now learned how to limit access to the WordPress dashboard for unknown users.
If you have any questions about this, please contact our support department.