cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution
Highlighted
New

Restrict access to wp-admin and wp-login or Windows Plesk hosting

I am trying to replicate advice from here: https://wordpress.org/support/article/brute-force-attacks/

 

I want to restrict access to wp-admin directory for my IP only. Same for wp-login.php file.

 

What I tried:

1. added this to .htaccess

<Files wp-login.php>
  order deny,allow
  allow from xxx.xxx.xxx.xxx
  deny from all
</Files>

this has zero effect.

 

2. added web.config with the following:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <location path="wp-admin">
   <system.webServer>
     <security>
       <ipSecurity allowUnlisted="false">
         <add ipAddress="xxx.xxx.xxx.xxx" allowed="true" />
       </ipSecurity>
     </security>
   </system.webServer>
 </location>
</configuration>

When I login to WP admin panel - I get HTTP 500. The website content however works fine. 

If I comment out "ipSecurity" bit - it works fine again, but do not restrict (duh!) 🙂

 

Any advice?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Super User III
Super User III
Solution

Re: Restrict access to wp-admin and wp-login or Windows Plesk hosting

@maxima 

 

I'm a Linux person - I would try what this says  - https://support.plesk.com/hc/en-us/articles/360003545394-How-to-allow-restrict-connections-from-an-I... this will at least tell you if it is enabled already.

 

I'm not sure on Plesk what you can do within the account vs what you have access to within windows itself for your account

 



I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community

View solution in original post

3 REPLIES 3
Highlighted
Super User III
Super User III

Re: Restrict access to wp-admin and wp-login or Windows Plesk hosting

@maxima 

 

Generally speaking .htaccess does not work on Windows servers - there are some utilities to make it work, but alot of configuration.

 

https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/ipsecurity/ this suggests you need to enable IP Security as part of IIS on the server



I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community

Highlighted
New

Re: Restrict access to wp-admin and wp-login or Windows Plesk hosting

I don't have access to the box. Just plesk.

I chatted to the "support" but they couldn't tell if its enabled or not and said they don't support this once I asked to install ip security.

I am not sure they really understood the request
Highlighted
Super User III
Super User III
Solution

Re: Restrict access to wp-admin and wp-login or Windows Plesk hosting

@maxima 

 

I'm a Linux person - I would try what this says  - https://support.plesk.com/hc/en-us/articles/360003545394-How-to-allow-restrict-connections-from-an-I... this will at least tell you if it is enabled already.

 

I'm not sure on Plesk what you can do within the account vs what you have access to within windows itself for your account

 



I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community

View solution in original post