As a security measure, we decided to limit access by IP to our wp-login.php file in WordPress. We already have our WP Admin directory on limited access by IP. In this article, we will show you how to limit access by IP to your wp-login.php file in WordPress.
Note: This tutorial is for advance user.
Open your main .htaccess file and put this code towards the top of the file before everything else.
<Files wp-login.php>
order deny,allow
Deny from all
# whitelist the following IP address
allow from xx.xxx.xx.xx
#whitelist Gainesvile IP Address
allow from xx.xxx.xx.xx
</Files>
Don’t forget to replace the IP addresses with your own. The only real downside to this is if you have dynamic IPs, then it can be a problem. Otherwise, this works like charm. Also, the wp-login.php styling breaks, but that is not a priority at this moment. We just wanted to prevent the failed login attempts.
You Might Also Like: Optimize Your WordPress Robots.txt for SEO